Set Constraints and Set-Based Analysis

NEVIN HEINTZE* and JOXAN JAFFAR†

May  1994 


1  Introduction 

Set expressions over a signature $\Sigma$ of function symbols are a natural representation of sets
of elements constructed from $\Sigma$, and set constraints express basic relationships between
these sets. In the literature, set constraints have been used mostly in the context of
uninterpreted  (or  Herbrand)  function  symbols.  Although  these  applications  have  used  set 
constraints  in  quite  different  ways,  a  common  theme  is  the  use  of  set  constraints  to  obtain 
an  approximation  of  some  aspects  of  a  program. 

This  paper  contains  two  main  parts.  The  first  examines  the  set  constraint  calculus, 
discusses  its  history,  and  overviews  the  current  state  of  known  algorithms  and  related  issues. 
Here  we  will  also  survey  the  uses  of  set  constraints,  starting  from  early  work  in  (imperative) 
program  analysis,  to  more  recent  work  in  logic  and  functional  programming  systems. 

The second part describes set-based analysis. The aim here is a declarative interpretation
of what it means to approximate the meaning of a program in just one way: ignore
dependencies  between  variables,  and  instead,  reason  about  each  variable  as  the  set  of  its 
possible  runtime  values.  The  basic  approach  starts  with  some  description  of  the  operational 
semantics,  and  then  systematically  replaces  descriptions  of  environments  (mappings  from 
program  variables  to  values)  by  set  environments  (mappings  from  program  variables  to  sets 
of  values)  to  obtain  an  approximate  semantics  called  the  set-based  program  semantics.  The 
next  step  is  to  transform  this  semantics  into  a  set  constraint  problem,  and  finally,  the  set 
constraints are solved.


2  Set  Constraints 

We  present  here  the  general  calculus,  followed  by  a  brief  survey  of  related  work. 

*School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213.

2.1 The Calculus


The set constraint calculus is parameterized by an underlying domain of discourse, and a
set of functions $\Sigma$. For the purposes of most of this paper, we choose $\Sigma$ to be a given collection
of uninterpreted function symbols, and the domain of discourse is then the ground terms
constructed from $\Sigma$. In addition to $\Sigma$, we consider a fixed set of set operators consisting of
union, intersection, complementation and projections of $\Sigma$ functions.

A set expression is either a set variable (denoted $\mathcal{V}, \mathcal{W}, \mathcal{X}, \mathcal{Y}$, etc.), or of one of the forms
$f(se_1, \ldots, se_n)$ or $op(se_1, \ldots, se_n)$, where $f \in \Sigma$, the $se_i$ are set expressions, and $op$ is a set
operator. The set operators include union, intersection, complementation and projection
(denoted $f^{-1}_{(i)}$ where $f$ is an n-ary function symbol and $1 \le i \le n$). As an example of
projection, the operator $cons^{-1}_{(1)}$ denotes the first projection with respect to the constructor
cons, and is the “set” counterpart of car. It is also convenient to include $\top$ and $\bot$ in the
definition of set expressions to respectively denote the set of all terms and the empty set
(some works use 1 and 0 instead of $\top$ and $\bot$). A set constraint is of the form $se \supseteq se'$ where
$se$ and $se'$ are set expressions. We write $se = se'$ as an abbreviation for the two constraints
$se \supseteq se'$ and $se' \supseteq se$.

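A solution to a collection C of set constraints is an assignment of sets to set variables
that satisfies each constraint. Specifically, let $\mathcal{I}$ be a mapping from set variables into sets
of terms. Such a mapping can be extended to map from set expressions into sets of values:

• $\mathcal{I}(f(se_1, \ldots, se_n)) = \{f(v_1, \ldots, v_n) : v_i \in \mathcal{I}(se_i)\}$;

• $\mathcal{I}(se_1 \cup se_2) = \mathcal{I}(se_1) \cup \mathcal{I}(se_2)$;

• $\mathcal{I}(se_1 \cap se_2) = \mathcal{I}(se_1) \cap \mathcal{I}(se_2)$;

• $\mathcal{I}(f^{-1}_{(i)}(se)) = \{v_i : f(v_1, \ldots, v_n) \in \mathcal{I}(se)\}$;

• $\mathcal{I}(\overline{se}) = \{v : v \notin \mathcal{I}(se)\}$;

• $\mathcal{I}(\top)$ = all values, and $\mathcal{I}(\bot) = \{\}$.

$\mathcal{I}$ is a solution of a collection of constraints C if $\mathcal{I}(se) \supseteq \mathcal{I}(se')$ for each constraint $se \supseteq se'$
in C.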

For example, let C denote the single constraint $\mathcal{X} \supseteq c \cup f(f(\mathcal{X}))$, where c is a constant
and f is a unary symbol. C has many models, including the mapping that maps all set
variables into the set $\{c, f(c), f(f(c)), \ldots\}$. Another solution of C is the mapping $\mathcal{I}$ defined
by

*■'({}  if  J'  is  different  from  X 

where $f^n$ abbreviates n applications of f. This solution is smaller than the first, and is in
fact the smallest solution of C. As another example, the smallest solution of the following
constraint collection maps $\mathcal{X}$ into $\{a, f^2(a), f^4(a), \ldots\}$, maps $\mathcal{Y}$ into $\{a, f^3(a), f^6(a), \ldots\}$
and maps $\mathcal{Z}$ into $\{f^5(a), f^{11}(a), f^{17}(a), \ldots\}$.

$\mathcal{Y} \supseteq a \cup f^3(\mathcal{Y})$

$\mathcal{Z} \supseteq f^{-1}_{(1)}(\mathcal{X} \cap \mathcal{Y})$

In general, a collection of set constraints does not always have a unique smallest solution.
For example consider the constraint $\mathcal{X} \cup \mathcal{Y} = a$ which has two minimal solutions; one that
maps $\mathcal{X}$ to $\{a\}$ and $\mathcal{Y}$ to the empty set, and the other that maps $\mathcal{X}$ to the empty set and
$\mathcal{Y}$ to $\{a\}$. For certain kinds of program analysis, it is natural to consider sub-classes of
set constraints for which least models always exist. For example, consider constraints of
the form $\mathcal{X} \supseteq se$ where $\mathcal{X}$ is a set variable and $se$ is a set expression that does not use
complementation. Such constraints always have a least solution. Somewhat more general
are the definite set constraints, which have the form $a \supseteq se$ where $a$ is a set expression that
is “atomic” in the sense that it is constructed solely from set variables and function symbols,
and $se$ is a set expression that does not use complementation. A collection of definite set
constraints is such that whenever it has a solution, it will in fact have a least solution.
Further, it can be shown that this solution is regular in the sense that every variable is a
regular set, that is, a set accepted by a nondeterministic tree automaton.

2.2  A  Brief  History 

The  use  of  set  constraints  for  analysis  of  programs  dates  back  to  the  early  works  by  Reynolds 
[29]  (who  presents  an  analysis  for  a  first-order  functional  language),  and  Jones  and  Muchnick 
[22]  (who  present  an  analysis  for  a  simple  imperative  language).  In  both  of  these  works, 
the  set  constraints  used  are  quite  simple:  the  only  set  operations  employed  are  union  and 
projection  (there  are  no  intersections  or  quantified  expressions).  We  say  more  about  these 
applications  in  the  next  subsection. 

The  general  calculus  of  set  constraints,  as  defined  above,  was  first  formalized  and  studied 
in  a  general  setting  in  [17].  This  work  also  presented  a  decision  procedure  for  the  class 
of  definite  set  constraints  (recall  that  definite  constraints  do  not  contain  the  complement 
symbol, and are restricted to the form $a \supseteq se$ where the set expression $a$ contains only
variables  and  function  symbols).  This  procedure  further  provides  an  explicit  representation 
of  the  least  model  of  a  (satisfiable)  collection  of  definite  set  constraints.  [17]  also  posed 
decidability  of  the  satisfiability  problem  for  general  set  constraints  as  an  open  question. 

Later,  [1]  proved  the  decidability  of  a  different,  and  incomparable,  class:  the  positive  set 
constraints.  These  are  defined  simply  to  be  set  constraints  not  involving  projection.  This 
procedure  reduces  the  constraints  into  a  simpler  form.  When  reduction  terminates  without 
detecting inconsistency, the resulting constraints are evidently satisfiable. Note that satisfiable
positive set constraints do not always have a least model. Subsequently, [9] provided
an alternative procedure using tree automata techniques. Starting with Rabin’s result [28]
that the theory of k-successors is decidable, they generalized the Rabin automaton to accommodate
positive set constraints. They further showed that satisfiable positive constraints
always have a regular solution (all variables are assigned a regular set), and a minimal and
maximal regular solution.

While the class of definite constraints and the class of positive constraints are not comparable,
the work [5] proved decidability of a class subsuming the two. Briefly, the set constraints
considered  here  are  the  positive  ones,  extended  to  allow  projections  in  a  restricted  way. 
The  importance  of  this  work  probably  lies  more  in  the  technique  used:  it  is  proved  that 
set constraints can be written into equivalent formulas in the monadic class, that is, first-order
formulas with unrestricted quantification, but no function symbols and only monadic
predicate  symbols.  The  transformation  is  simple  and  elegant,  and  gave  rise  to  complexity 
results  on  set  constraints  based  on  similar  results  in  the  monadic  class. 

The next step was taken by [10], who proved that negative set constraints, i.e. the
extension to positive constraints with negations of subset relationships such as $se_1 \not\subseteq se_2$,
remains  decidable.  Once  again,  tree  automata  techniques  were  used  here.  An  alternative 
procedure  was  then  given  by  [4],  by  reduction  to  a  number-theoretic  decision  problem. 
Subsequently,  [6]  used  the  abovementioned  translation  of  set  constraints  to  the  monadic 
class  to  provide  a  straightforward  procedure  for  deciding  negative  set  constraints.  Note 
that  none  of  these  works  on  negative  constraints  deal  with  projections. 

In summary, the state of the art for the set constraint decision problem is largely determined
by the reduction to the monadic class of formulas. The main question remains how
to deal with (unrestricted) projection. At the time of writing, we have verbal communication
[26] indicating that the proof in [6] can be extended to solve this problem. Thus the
question  of  whether  the  general  set  constraint  problem  is  open,  now  becomes  open! 

2.3  Applications 
Early  works 

Two  important  early  works  are  by  Jones  and  Muchnick  [22]  and  Reynolds  [29].  In  [22], 
an analysis is described for an imperative language with LISP-like data structures. The
essence here is the construction of set constraints corresponding to a program that capture
the flow of values from one variable to another as the program is executed. However,
the  set  constraints  here  are  restricted  so  that  they  can  be  solved  by  a  fairly  straightforward 
algorithm.  In  particular,  the  set  constraints  do  not  contain  a  notion  of  intersection,  and  their 
only  operation  is  projection  (corresponding  to  decomposition  of  data  structures).  Hence 
they  are  not  expressive  enough  to  capture  a  number  of  important  components  of  programs. 
For  example  all  information  about  the  conditions  in  conditional  statements  is  completely 
omitted. Further, information relating to well definedness of expressions is ignored (for
example, after a statement X = car(Y), it must be the case that Y is of the form cons(···)
because otherwise the program would have terminated with an error).

In  contrast,  the  earlier  paper  [29]  used  set  constraints  to  compute  data  type  definitions 
for  program  variables  in  a  first  order  functional  language.  The  constraints  used  are  similar 
to  those  used  in  [22].  Again  the  only  set  operation  of  the  constraints  is  projection,  and  so 
the  program  approximations  obtained  can  be  considerably  inaccurate. 

In summary, the set constraints used in these early works are simple, but the program approximations
that they define are not very accurate. These works viewed set constraints as
a tool for obtaining information about the program, and the constraints themselves incorporate
a number of ad hoc approximations in addition to ignoring inter-variable dependencies.
As  a  result,  there  is  no  simple  connection  between  the  program  and  its  approximation.  This 
particular  shortcoming  is  one  of  the  motivations  for  set-based  analysis,  discussed  later  in 
this  paper. 

Logic  Programs 

The  use  of  set  constraints  for  the  bottom-up  analysis  of  logic  programs  was  first  considered 
in  [25].  The  set  constraints  in  this  relatively  early  work  were  rather  specialized  and  used  a 
form  of  approximation  called  tuple-distributive  closure  (hereafter  just  called  closure).  This 
closure,  which  was  subsequently  used  in  some  later  works,  has  the  effect  of  enlarging  a  set 
of terms $S$ into $S^*$ as follows:

$$S^* = \{c : c \text{ is a constant in } S\} \cup \bigcup_{f \in \Sigma} f\big((f^{-1}_{(1)}(S))^*, \ldots, (f^{-1}_{(\mathrm{arity}(f))}(S))^*\big)$$

where $f(S_1, \ldots, S_n)$ denotes the set $\{f(s_1, \ldots, s_n) : s_i \in S_i\}$ and $f^{-1}_{(j)}(S)$ denotes the set
$\{s_j : f(s_1, \ldots, s_n) \in S\}$. Thus for example, closing the set $\{f(a,b), f(c,d)\}$ produces
$\{f(a,b), f(a,d), f(c,b), f(c,d)\}$. The set constraints used in [25] are like the general ones
defined above, except that the union operation is interpreted to be the closure of the union
of sets.
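The closure operation defined above, computed for finite sets of ground terms. This is an added example, not code from the paper; the encoding of terms (strings for constants, tuples `(f, t1, ..., tn)` for applications) and the function names are assumptions.

```python
from collections import defaultdict
from itertools import product


def closure(terms):
    """Tuple-distributive closure S* of a finite set of ground terms.

    Constants are strings; f(t1, ..., tn) is the tuple (f, t1, ..., tn).
    """
    terms = set(terms)
    # Constants of S are kept unchanged.
    result = {t for t in terms if not isinstance(t, tuple)}
    # Group the remaining terms by function symbol and arity.
    groups = defaultdict(set)
    for t in terms:
        if isinstance(t, tuple):
            groups[(t[0], len(t) - 1)].add(t)
    for (f, arity), group in groups.items():
        # The j-th projection of S with respect to f, closed recursively.
        # Arguments are strictly smaller terms, so the recursion terminates.
        columns = [closure({t[j] for t in group}) for j in range(1, arity + 1)]
        # f applied to the closed projections: every combination of arguments.
        result |= {(f, *args) for args in product(*columns)}
    return result


def show(term):
    """Render a term in the usual f(a,b) notation."""
    if isinstance(term, tuple):
        return f"{term[0]}({','.join(show(a) for a in term[1:])})"
    return term


if __name__ == "__main__":
    S = {("f", "a", "b"), ("f", "c", "d")}
    print(sorted(show(t) for t in closure(S)))
```

The closure is idempotent and always contains the original set, which is what makes it usable as an over-approximation step inside a fixpoint iteration.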

A different approach to approximation starts from the (bottom-up) fixpoint operator $T_P$
of a program P, and the approximate meaning of a program is obtained by imposing closure
on each iteration of the operator. For example, [32] defined the operator $Y_P(S) = (T_P(S))^*$,
and the approximate meaning of the program is the least fixpoint $\mathrm{lfp}(Y_P)$ of $Y_P$ (which
is always larger than the exact meaning, $\mathrm{lfp}(T_P)$). In [16], a more accurate operator $T_P$
was used. (Roughly, $Y_P$ ignores inter-argument dependencies, while $T_P$ ignores only inter-variable
dependencies.) A more recent work [8] used the closure operators (in conjunction
with another approximation technique called widening) to define and compute a program
approximation.

The relationship between these closure-based fixpoint operators and set constraints was
described in [18]. One result is that the models of the set constraints in [25] essentially
correspond to the fixpoints of $T_P$. A similar result was that the other fixpoint operator $T_P$
corresponded to certain formulas obtained from the program. These formulas are similar to
but more general than set constraints. The main point here was that the least fixed-point
of $T_P$ provided a more accurate and intuitive notion of approximation, and importantly, the
approximation is decidable. It is open as to whether $\mathrm{lfp}(Y_P)$ is decidable.

Functional  Programs 

The general approach of [22, 29] has been extended by [21] to deal with higher-order functions.
This approach has been further developed for binding time analysis [24], garbage
collection [20] and globalization of function parameters [30]. One presentational difference
in these works is the use of various extensions of regular grammars instead of constraints.
Subsequently, a number of set constraint approaches have been developed for the analysis
of higher-order functional languages (see, for example, [27, 12, 2, 3, 13]). Perhaps the most
developed of these approaches are those by [12, 13] and [2, 3]. The former starts with an
operational semantics, and develops a set-based analysis for this semantics. The constraints
that arise are briefly sketched in Section 3.3. In the latter, a denotational model of the
program inspires the extraction of “type constraints”, which are essentially set constraints
(involving intersection and complement but not projection) over a domain of downward
closed sets of finite elements (essentially the “ideal” model of types). We note that both
works  include  a  mechanism  for  reasoning  about  non-emptiness  of  sets  (these  are  called 
“conditional  types”  in  [3]). 


Sorted  Unification 

Broadly,  sorted  unification  is  the  problem  of  unifying  two  terms  in  the  context  of  a  sort 
theory,  the  latter  imposing  constraints  on  the  values  that  certain  variables  can  take.  The  sort 
theory  is  typically  presented  as  a  sort  signature,  indicating  the  hierarchical  arrangement  of 
the  various  sorts,  together  with  a  specification  on  the  sorts  of  the  various  function  symbols. 
For  example, 

$\{even \subseteq int,\ odd \subseteq int,\ succ : odd \to even,\ succ : even \to odd\}$

specifies  that  the  sorts  even  and  odd  both  belong  to  int,  that  the  function  succ  maps  an 
even  integer  into  an  odd  one,  and  vice  versa.  Such  constraints  can  be  naturally  specified  in 
set  constraints: 

$Int = Odd \cup Even$, $Odd = 0 \cup succ(Even)$, $Even = 0 \cup succ(Odd)$

In  general,  sorted  unification  is  decidable  only  when  the  sort  theory  is  restricted  in  some  way. 
In  the  literature,  a  typical  restriction  is  that  the  sorts  are  regular  sets.  In  [31],  a  restricted 
class  of  set  constraints  is  used  to  represent  the  sort  theory,  and  a  new  sorted  unification 
algorithm  is  presented.  This  work  shows  that  further  development  in  set  constraints  may 
be  useful  for  sorted  unification. 


3  Set-Based  Analysis 

The basic approach of set-based program analysis starts with some description of the operational
semantics. Typically, such a description involves environments, which describe the
values that each variable may assume at runtime. The next step is a systematic replacement
of environments into set environments, which map variables into sets of values, as opposed
to a single value. This fundamental step gives rise to the notion of a set-based semantics
of  a  program.  Next,  the  set-based  semantics  is  reduced  to  a  set  constraint  problem,  and 
finally,  the  set  constraints  are  solved. 

In this paper, we will not go through this process in much formal detail. These details
can be found in [12]. Instead, we will show by examples how set constraints indeed model
the desired approximation from program fragments.

In the following examples, we shall use a simple imperative programming language with
basic facilities for data structure creation (e.g. cons and nil for list creation) and data
destructuring/projection (e.g. car and cdr for list destructuring). Consider the statement
X := cons(Y, X). To model this statement, set variables are introduced to collect the values
of the variables X and Y just before and just after the statement (we suppose that these
are the only program variables of interest). Let $\mathcal{X}_1$ and $\mathcal{Y}_1$ be the set variables to collect
the values of X and Y just before execution of the statement, and let $\mathcal{X}_2$ and $\mathcal{Y}_2$ be the set
variables for just after statement execution. Now, the values for X just after execution of
the statement include all values $cons(v_y, v_x)$ such that $v_x \in \mathcal{X}_1$ and $v_y \in \mathcal{Y}_1$, and so we
write $\mathcal{X}_2 \supseteq \{cons(v_y, v_x) : v_x \in \mathcal{X}_1, v_y \in \mathcal{Y}_1\}$, which is abbreviated by $\mathcal{X}_2 \supseteq cons(\mathcal{Y}_1, \mathcal{X}_1)$.

In contrast, the values for Y just after execution of the statement are exactly those before
execution, and so we write the constraint $\mathcal{Y}_2 \supseteq \mathcal{Y}_1$. Hence, from the above program statement,
we construct two set constraints: $\mathcal{X}_2 \supseteq cons(\mathcal{Y}_1, \mathcal{X}_1)$ and $\mathcal{Y}_2 \supseteq \mathcal{Y}_1$. Note that for
this example, we could have replaced $\supseteq$ by $=$ and written the equations $\mathcal{X}_2 = cons(\mathcal{Y}_1, \mathcal{X}_1)$
and $\mathcal{Y}_2 = \mathcal{Y}_1$. However, for a number of reasons, it is somewhat more convenient to use
inequalities rather than equalities¹.

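Similarly, for the statement X := cdr(X) we construct the two constraints $\mathcal{X}_2 \supseteq cdr(\mathcal{X}_1)$
and $\mathcal{Y}_2 \supseteq \mathcal{Y}_1$, where $cdr(\mathcal{X}_1)$ abbreviates $\{v_2 : cons(v_1, v_2) \in \mathcal{X}_1\}$, and $\mathcal{X}_1, \mathcal{Y}_1, \mathcal{X}_2, \mathcal{Y}_2$ are as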
before.  In  general,  the  use  of  sets  to  reason  about  a  program  leads  to  an  approximation 
of  the  program’s  actual  behaviour.  This  is  because  the  use  of  sets  ignores  dependencies 
between  variable  values.  For  example,  consider  the  following  program 

X  :=  car(W); 

Y  :=  cdr(W); 

W := cons(X, Y);

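Let $\mathcal{W}_i$, $\mathcal{X}_i$ and $\mathcal{Y}_i$, $i = 1..4$, be the set variables introduced to collect the values of W,
X and Y just before the first statement, just before the second statement, just before the
third statement, and just after the third statement respectively. Constructing constraints
as before yields:

$\mathcal{W}_2 \supseteq \mathcal{W}_1$    $\mathcal{W}_3 \supseteq \mathcal{W}_2$    $\mathcal{W}_4 \supseteq cons(\mathcal{X}_3, \mathcal{Y}_3)$

$\mathcal{X}_2 \supseteq car(\mathcal{W}_1)$    $\mathcal{X}_3 \supseteq \mathcal{X}_2$    $\mathcal{X}_4 \supseteq \mathcal{X}_3$

$\mathcal{Y}_2 \supseteq \mathcal{Y}_1$    $\mathcal{Y}_3 \supseteq cdr(\mathcal{W}_2)$    $\mathcal{Y}_4 \supseteq \mathcal{Y}_3$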

Now, suppose that at the start of the program, the variable W is either the list [1, 2] or the
list [3, 4]. Then the set for $\mathcal{X}_2$ (and $\mathcal{X}_3$) is {1, 3}, and the set for $\mathcal{Y}_3$ is {[2], [4]}. Hence,
the set for $\mathcal{W}_4$ is {[1, 2], [3, 4], [1, 4], [3, 2]}. In contrast, the only possible values for W after
execution of the third statement are [1, 2] and [3, 4].
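The three-statement program above, analysed by solving its nine constraints to a least fixpoint and compared with exact execution. This is an added example, not code from the paper; the encoding of lists as nested `("cons", head, tail)` tuples, the variable names `W1`..`Y4` and the small solver are assumptions.

```python
from collections import defaultdict

NIL = "nil"


def make_list(*items):
    """Encode a list as a cons term: make_list(1, 2) is cons(1, cons(2, nil))."""
    term = NIL
    for item in reversed(items):
        term = ("cons", item, term)
    return term


def as_python(term):
    """Decode a cons term into a Python list (for display and tests)."""
    out = []
    while term != NIL:
        _, head, term = term
        out.append(head)
    return out


def evaluate(expr, env):
    """Value of a set expression under the current assignment env."""
    op = expr[0]
    if op == "var":
        return env[expr[1]]
    if op == "cons":  # cons(S1, S2) = {cons(v1, v2) : v1 in S1, v2 in S2}
        return {("cons", h, t)
                for h in evaluate(expr[1], env)
                for t in evaluate(expr[2], env)}
    if op in ("car", "cdr"):  # projections; non-cons values contribute nothing
        pos = 1 if op == "car" else 2
        return {v[pos] for v in evaluate(expr[1], env)
                if isinstance(v, tuple) and v[0] == "cons"}
    raise ValueError(f"unknown operator {op!r}")


def least_solution(constraints, initial, max_rounds=100):
    """Smallest assignment satisfying every constraint lhs ⊇ rhs."""
    env = defaultdict(set, {k: set(v) for k, v in initial.items()})
    for _ in range(max_rounds):
        changed = False
        for lhs, rhs in constraints:
            missing = evaluate(rhs, env) - env[lhs]
            if missing:
                env[lhs] |= missing
                changed = True
        if not changed:
            return dict(env)
    raise RuntimeError("no fixpoint reached; the least solution may be infinite")


def var(name):
    return ("var", name)


# X := car(W);  Y := cdr(W);  W := cons(X, Y);
CONSTRAINTS = [
    ("X2", ("car", var("W1"))), ("W2", var("W1")), ("Y2", var("Y1")),
    ("Y3", ("cdr", var("W2"))), ("X3", var("X2")), ("W3", var("W2")),
    ("W4", ("cons", var("X3"), var("Y3"))), ("X4", var("X3")), ("Y4", var("Y3")),
]
START = {make_list(1, 2), make_list(3, 4)}  # constructed input: W is [1,2] or [3,4]


def set_based():
    """Set-based approximation: one set per variable per program point."""
    return least_solution(CONSTRAINTS, {"W1": START})


def exact_final_w():
    """Exact semantics: run the program once per possible initial W."""
    return {("cons", w[1], w[2]) for w in START}


if __name__ == "__main__":
    print("set-based W4:", sorted(as_python(t) for t in set_based()["W4"]))
    print("exact W     :", sorted(as_python(t) for t in exact_final_w()))
```

The two extra lists in the set-based result are exactly the combinations that pair the head of one input with the tail of the other.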

The key property of the constraints constructed from a program is that any solution of
the constraints conservatively approximates the operational semantics of the program. This
means that to obtain a safe approximation of the program, it is sufficient to construct a
solution to the constraints. The constraint solving process will typically compute the minimum
solution to the constraints since this is the most accurate approximation (described
by the constraints).

¹In particular, the construction of set constraints is simpler in the presence of statements that change
the flow of control.

In summary for this subsection, set constraints can be constructed to approximate the
execution  of  a  program  by  first  introducing  set  variables  to  capture  the  values  of  the  program 
variables  at  each  program  point,  and  then  writing  constraints  between  these  set  variables 
to  approximate  the  relationships  between  these  variables  that  are  inherent  in  the  program. 
In  effect,  the  construction  of  constraints  reduces  the  problem  of  analyzing  the  program  to 
the  problem  of  reasoning  about  set  constraints. 

3.1  Imperative  Programs 

The example imperative programs considered above do not illustrate how conditional statements
and recursion are handled, and these are probably the most interesting aspects of
the analysis. In particular, recursion introduces the possibility of infinite sets of values.
Consider  the  following  program 

X := cons(a, cons(b, cons(c, cons(d, nil))));
Y := nil;
(A)
while (car(X) ≠ c) do
    (B)
    Y := cons(car(X), Y);
    X := cdr(X);
    (C)
(D)

where a, b, c and d are constants. After execution of this program, X is cons(c, cons(d, nil))
and Y is cons(b, cons(a, nil)); in other words the program reverses the initial segment of X
up until the first occurrence of c. The markers (A), (B), (C) and (D) indicate points in the
program (note that (D) indicates the point at the end of the program). Corresponding to
this program, we can construct the following constraints.


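$\mathcal{X}^A \supseteq cons(a, cons(b, cons(c, cons(d, nil))))$
$\mathcal{X}^C \supseteq cdr(\mathcal{X}^B)$
$\mathcal{Y}^A \supseteq nil$
$\mathcal{Y}^C \supseteq cons(car(\mathcal{X}^B), \mathcal{Y}^B)$
$\mathcal{X}^B \supseteq \mathcal{X}^A \cap \overline{cons(c, \top)}$
$\mathcal{X}^B \supseteq \mathcal{X}^C \cap \overline{cons(c, \top)}$
$\mathcal{Y}^B \supseteq \mathcal{Y}^A$
$\mathcal{Y}^B \supseteq \mathcal{Y}^C$
$\mathcal{X}^D \supseteq \mathcal{X}^A \cap cons(c, \top)$
$\mathcal{X}^D \supseteq \mathcal{X}^C \cap cons(c, \top)$
$\mathcal{Y}^D \supseteq \mathcal{Y}^A$
$\mathcal{Y}^D \supseteq \mathcal{Y}^C$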

The set expression $\overline{cons(c, \top)}$ (the complement of the set denoted by $cons(c, \top)$) is the set
of all values v such that car(v) differs from c. In general, it is useful to introduce a restricted
form of complementation in the constraints used to analyze imperative programs. However,
these uses are always sufficiently limited that the constraints obtained are still “monotonic”.
The minimum solution of the above constraints is given by the following mapping:

$\mathcal{X}^A \mapsto \{cons(a, cons(b, cons(c, cons(d, nil))))\}$
$\mathcal{Y}^A \mapsto \{nil\}$
$\mathcal{X}^B \mapsto \{cons(a, cons(b, cons(c, cons(d, nil)))), cons(b, cons(c, cons(d, nil)))\}$
$\mathcal{Y}^B \mapsto list_{a,b}$
$\mathcal{X}^C \mapsto \{cons(b, cons(c, cons(d, nil))), cons(c, cons(d, nil))\}$
$\mathcal{Y}^C \mapsto non\text{-}nil\text{-}list_{a,b}$
$\mathcal{X}^D \mapsto \{cons(c, cons(d, nil))\}$
$\mathcal{Y}^D \mapsto list_{a,b}$

where $list_{a,b}$ denotes the set of all lists constructed from a and b, and $non\text{-}nil\text{-}list_{a,b}$ denotes
the set of all non-empty lists constructed from a and b.


3.2  Logic  Programs 


The  construction  of  set  constraints  for  logic  programs  is  similar  to  that  for  imperative 
programs.  However,  for  logic  programs,  there  is  a  choice  for  the  underlying  operational 
semantics  used  in  the  analysis.  We  begin  by  illustrating  the  construction  of  constraints 
corresponding  to  a  bottom-up  execution.  Again  we  introduce  a  set  variable  for  each  program 
variable. We also introduce set variables $Ret_p$, for each predicate p, to collect the set of
“return” values for that predicate. Consider the following logic program and constraints
constructed  to  model  the  bottom-up  semantics  of  the  program. 


p(X) :- q(X), r(X).
q(a).
q(b).
r(b).
r(c).

$Ret_p \supseteq p(\mathcal{X})$
$\mathcal{X} \supseteq q^{-1}_{(1)}(Ret_q) \cap r^{-1}_{(1)}(Ret_r)$
$Ret_q \supseteq q(a) \cup q(b)$
$Ret_r \supseteq r(b) \cup r(c)$


The minimum solution of these constraints maps $Ret_p$ into $\{p(b)\}$, maps $\mathcal{X}$ into $\{b\}$, maps
$Ret_q$ into $\{q(a), q(b)\}$, and maps $Ret_r$ into $\{r(b), r(c)\}$. Now, consider constructing constraints
corresponding to a top-down left-to-right execution of the program starting from
the goal ?- p(t) where t is either a, b, c or d. The main change here is the introduction of
set variables $Call_p$, for each predicate p, to collect the set of “calls” to that predicate. The
program points (A), (B) and (C) respectively denote the points just before execution of q(X),
just before execution of r(X) and just after execution of r(X).


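p(X) :- (A), q(X), (B), r(X), (C).
q(a).
q(b).
r(b).
r(c).

$Call_p \supseteq p(a \cup b \cup c \cup d)$
$Ret_p \supseteq p(\mathcal{X}^C)$
$\mathcal{X}^A \supseteq p^{-1}_{(1)}(Call_p)$
$\mathcal{X}^B \supseteq p^{-1}_{(1)}(Call_p) \cap q^{-1}_{(1)}(Ret_q)$
$\mathcal{X}^C \supseteq p^{-1}_{(1)}(Call_p) \cap q^{-1}_{(1)}(Ret_q) \cap r^{-1}_{(1)}(Ret_r)$
$Call_q \supseteq q(\mathcal{X}^A)$
$Ret_q \supseteq (q(a) \cup q(b)) \cap Call_q$
$Call_r \supseteq r(\mathcal{X}^B)$
$Ret_r \supseteq (r(b) \cup r(c)) \cap Call_r$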


The minimum solution of these constraints maps $Call_p$ into $\{p(a), p(b), p(c), p(d)\}$, $Ret_p$ into
$\{p(b)\}$, $\mathcal{X}^A$ into $\{a, b, c, d\}$, $\mathcal{X}^B$ into $\{a, b\}$, $\mathcal{X}^C$ into $\{b\}$, $Call_q$ into $\{q(a), q(b), q(c), q(d)\}$,
$Ret_q$ into $\{q(a), q(b)\}$, $Call_r$ into $\{r(a), r(b)\}$, and $Ret_r$ into $\{r(b)\}$. As a third alternative,
consider constructing constraints corresponding to a top-down parallel execution of the
program starting from the same goals. The program points (A), (B) and (C) respectively
denote the points just before execution of q(X), just before execution of r(X) and just after
execution of the entire body of the first rule.


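p(X) :- (A), q(X), (B), r(X), (C).
q(a).
q(b).
r(b).
r(c).

$Call_p \supseteq p(a \cup b \cup c \cup d)$
$Ret_p \supseteq p(\mathcal{X}^C)$
$\mathcal{X}^A \supseteq p^{-1}_{(1)}(Call_p)$
$\mathcal{X}^B \supseteq p^{-1}_{(1)}(Call_p)$
$\mathcal{X}^C \supseteq p^{-1}_{(1)}(Call_p) \cap q^{-1}_{(1)}(Ret_q) \cap r^{-1}_{(1)}(Ret_r)$
$Call_q \supseteq q(\mathcal{X}^A)$
$Ret_q \supseteq (q(a) \cup q(b)) \cap Call_q$
$Call_r \supseteq r(\mathcal{X}^B)$
$Ret_r \supseteq (r(b) \cup r(c)) \cap Call_r$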

The minimum solution of these constraints maps $Call_p$ into $\{p(a), p(b), p(c), p(d)\}$, $Ret_p$ into
$\{p(b)\}$, $\mathcal{X}^A$ and $\mathcal{X}^B$ into $\{a, b, c, d\}$, $\mathcal{X}^C$ into $\{b\}$, $Call_q$ into $\{q(a), q(b), q(c), q(d)\}$, $Ret_q$ into
$\{q(a), q(b)\}$, $Call_r$ into $\{r(a), r(b), r(c), r(d)\}$, and $Ret_r$ into $\{r(b), r(c)\}$.

Observe that in all three examples, the use of set constraints has led to an exact
analysis, and that the sets obtained were finite. Neither observation holds in general, as is
illustrated by the following bottom-up analysis example:


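p(f(X), f(Y)) :- p(X, Y).
p(a, b).

$Ret_p \supseteq p(f(\mathcal{X}), f(\mathcal{Y})) \cup p(a, b)$
$\mathcal{X} \supseteq p^{-1}_{(1)}(Ret_p)$
$\mathcal{Y} \supseteq p^{-1}_{(2)}(Ret_p)$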


In the least model of the constraints, $Ret_p$ is mapped into the set $\{p(a, b)\} \cup \{p(f^i(a), f^j(b)) : i \ge 1, j \ge 1\}$,
and this set contains elements such as $p(f(a), f(f(b)))$ which are not part of
the program’s (exact) meaning.


So  far,  we  have  made  no  mention  of  variables  that  appear  in  the  head  of  a  rule  and  not 
in  the  body  of  a  rule.  Such  variables  can  take  on  any  value.  Hence  they  are  modeled  using 
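the $\top$ constant, as illustrated in the following example.

p(X, Y) :- q(X).
q(a).

$Ret_p \supseteq p(\mathcal{X}, \mathcal{Y})$
$\mathcal{X} \supseteq q^{-1}_{(1)}(Ret_q)$
$\mathcal{Y} \supseteq \top$
$Ret_q \supseteq q(a)$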

We conclude this discussion of the analysis of logic programs by noting that the accuracy of
the information obtained using set constraints can be improved by using more complex set
operators. For example, consider the following program and its (bottom-up) set constraints:

p(X, Y) :- q(X, Y), r(X, Y).
q(a, b).
q(b, a).
r(a, a).

$Ret_p \supseteq p(\mathcal{X}, \mathcal{Y})$
$Ret_q \supseteq q(a, b) \cup q(b, a)$
$Ret_r \supseteq r(a, a)$


The minimum solution of these constraints maps $Ret_p$ into $\{p(a, a)\}$, $\mathcal{X}$ and $\mathcal{Y}$ into $\{a\}$,
$Ret_q$ into $\{q(a, b), q(b, a)\}$, and $Ret_r$ into $\{r(a, a)\}$. Another way of constructing constraints
is to introduce quantified set expressions, which have the form
$\{X : \exists X_1 \ldots \exists X_m (t_1 \in se_1 \wedge \cdots \wedge t_n \in se_n)\}$ where $X, X_1, \ldots, X_m$ are program variables, $t_1, \ldots, t_n$ are atoms
or terms whose variables are from $X, X_1, \ldots, X_m$, and $se_1, \ldots, se_n$ are set expressions. The
constraints using quantified set expressions that are constructed for the (bottom-up) analysis
of the above program are:


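$Ret_p \supseteq p(\mathcal{X}, \mathcal{Y})$

$\mathcal{X} \supseteq \{X : \exists Y\, (q(X,Y) \in Ret_q \wedge r(X,Y) \in Ret_r)\}$

$\mathcal{Y} \supseteq \{Y : \exists X\, (q(X,Y) \in Ret_q \wedge r(X,Y) \in Ret_r)\}$

$Ret_q \supseteq q(a,b) \cup q(b,a)$

$Ret_r \supseteq r(a,a)$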

and the minimum solution of these constraints maps $Ret_p$, $\mathcal{X}$ and $\mathcal{Y}$ into the empty set,
$Ret_q$ into $\{q(a,b), q(b,a)\}$, and $Ret_r$ into $\{r(a,a)\}$. The more complex constraints using
quantified expressions not only provide more accurate program approximation, but they
are also more faithful to the notion of set-based analysis. In particular, they have a closer
and much simpler relationship to the underlying operational semantics (see [12, 16] for
further details).
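The accuracy gap between the two constructions can be checked mechanically. The following Python sketch is an added example, not code from the paper: it computes the least solution for function-free programs, once bounding each variable by the intersection of argument projections (an assumed reading of the first construction, chosen because it reproduces the solution quoted above) and once with quantified set expressions. The clause encoding and all function names are hypothetical, and every head variable is assumed to occur in the body.

```python
from itertools import product

# Constructed encoding of the program above: (head, body), atoms are
# (predicate, args); upper-case names are variables, lower-case are constants.
PROGRAM = [
    (("p", ("X", "Y")), [("q", ("X", "Y")), ("r", ("X", "Y"))]),
    (("q", ("a", "b")), []),
    (("q", ("b", "a")), []),
    (("r", ("a", "a")), []),
]


def is_var(name):
    return name[0].isupper()


def projection_meet(var, body, ret):
    """Intersect, over each body occurrence of var, the projection of Ret at that position."""
    result = None
    for pred, args in body:
        for i, arg in enumerate(args):
            if arg == var:
                proj = {t[i] for t in ret.get(pred, ())}
                result = proj if result is None else result & proj
    return result


def bindings(body, ret):
    """All variable bindings that satisfy every body atom at once (the quantified form)."""
    envs = [{}]
    for pred, args in body:
        extended = []
        for env in envs:
            for tup in ret.get(pred, ()):
                e = dict(env)
                if all(e.setdefault(a, v) == v if is_var(a) else a == v
                       for a, v in zip(args, tup)):
                    extended.append(e)
        envs = extended
    return envs


def analyse(program, quantified):
    """Least solution: returns (Ret sets per predicate, variable sets per clause index)."""
    ret = {head[0]: set() for head, _ in program}
    var_sets = {}
    changed = True
    while changed:
        changed = False
        for idx, (head, body) in enumerate(program):
            names = sorted({a for _, args in body for a in args if is_var(a)})
            if quantified:
                envs = bindings(body, ret)
                sets = {v: {e[v] for e in envs} for v in names}
            else:
                sets = {v: projection_meet(v, body, ret) for v in names}
            var_sets[idx] = sets
            # Ret_p contains p(X, Y) for every combination drawn from the variable sets.
            choices = [sorted(sets[a]) if is_var(a) else [a] for a in head[1]]
            new = set(product(*choices)) - ret[head[0]]
            if new:
                ret[head[0]] |= new
                changed = True
    return ret, var_sets


if __name__ == "__main__":
    for mode in (False, True):
        ret, sets = analyse(PROGRAM, quantified=mode)
        print("quantified" if mode else "projection", ret["p"], sets[0])
```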


3.3  Functional  Programs 

To analyse functional languages such as Standard ML [23], set constraints must be extended
with a mechanism to deal with higher-order functions. In essence, this is achieved by the
addition of three new components. First, the set of underlying values is enriched to include
a new collection of constants to denote functions. In the following examples, we shall use
function identifiers for this purpose; in more formal presentations, it is convenient to use
abstractions in an appropriate lambda calculus. Second, for each function constant $f$, we
introduce two set variables $Call_f$ and $Ret_f$ to capture the values on which $f$ is called, and
the values that calls to $f$ return, respectively. Third, a new set operator $apply$ is introduced
to model function application. The meaning of a set expression $apply(se_1, se_2)$ under a
mapping $\mathcal{I}$ is defined as follows:

$\mathcal{I}(apply(se_1, se_2)) = \bigcup_{f \in \mathcal{I}(se_1)} \mathcal{I}(Ret_f)$, provided $\mathcal{I}(Call_f) \supseteq \mathcal{I}(se_2)$ for all $f \in \mathcal{I}(se_1)$

If the side condition is not met then $\mathcal{I}(apply(se_1, se_2))$ is not defined. The notion of solution
of a collection of set constraints is appropriately modified so that $\mathcal{I}$ is a solution of the
constraints if it is defined on each set expression and satisfies each constraint. Note that
the meaning of this expanded class of set expressions involving $apply$ is somewhat unusual,
because now set expressions themselves may impose restrictions on solutions, independent
of the constraints in which they appear. Importantly, unique minimum solutions are still
guaranteed to exist.


To illustrate the construction of set constraints to analyze functional programs, consider
the following program and its constraints. The set variable $\mathcal{E}$ is introduced to capture the
set of values resulting from program evaluation. The minimum solution of the constraints
maps $\mathcal{X}$, $Call_{id}$, $Ret_{id}$ and $\mathcal{E}$ into $\{c\}$.


let  fun  id  X  =  X 
in 

id  c 
end 


$\mathcal{X} \supseteq Call_{id}$

$Ret_{id} \supseteq \mathcal{X}$

$\mathcal{E} \supseteq apply(id, c)$


Again, more complex set operators can be introduced to provide more accurate modeling
of certain aspects of the language (particularly case statements). See [12, 13] for further
details. The complexity of solving the set constraints is $O(n^3)$ [13]. This basic formulation
of constraints has been extended to deal with arrays, continuations and exceptions.
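The way the side condition of $apply$ forces $Call_f$ to grow can be seen in a small least-solution computation. This Python sketch is an added example, not the algorithm of [13]: the constraint encoding is hypothetical, and the second program (`id` called on both `c` and `d`) is constructed here to show that a single $Call_{id}$ and $Ret_{id}$ are shared by every call site.

```python
# A constraint is (lhs, rhs), meaning lhs ⊇ rhs. The rhs is a set variable name,
# ("const", v), or ("apply", se1, se2) with se1 and se2 of the first two kinds.
ID_PROGRAM = [                       # let fun id X = X in id c end
    ("X", "Call_id"),
    ("Ret_id", "X"),
    ("E", ("apply", ("const", "id"), ("const", "c"))),
]
TWO_CALLS = [                        # constructed: id applied to c and to d
    ("X", "Call_id"),
    ("Ret_id", "X"),
    ("E1", ("apply", ("const", "id"), ("const", "c"))),
    ("E2", ("apply", ("const", "id"), ("const", "d"))),
]


def solve(constraints, functions):
    """Least mapping from set variables to sets that satisfies every constraint."""
    sol = {}

    def value(se):
        if isinstance(se, tuple) and se[0] == "const":
            return {se[1]}
        return sol.setdefault(se, set())

    def add(var, values):
        target = sol.setdefault(var, set())
        if values <= target:
            return False
        target |= values
        return True

    changed = True
    while changed:
        changed = False
        for lhs, rhs in constraints:
            if isinstance(rhs, tuple) and rhs[0] == "apply":
                _, se1, se2 = rhs
                for f in list(value(se1)):
                    if f in functions:
                        # Side condition: Call_f must contain the argument values.
                        changed |= add("Call_" + f, set(value(se2)))
                        # Meaning of apply: the union of Ret_f over the callees.
                        changed |= add(lhs, set(value("Ret_" + f)))
            else:
                changed |= add(lhs, set(value(rhs)))
    return sol


if __name__ == "__main__":
    print(solve(ID_PROGRAM, {"id"}))
    print(solve(TWO_CALLS, {"id"}))
```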


3.4  Comparison  with  Other  Analysis  Techniques 

A key advantage of set-based analysis (and, more generally, the use of set constraints to
perform program analysis), in comparison to standard abstract interpretation techniques
[7], is that there is no underlying abstract domain. When using an abstract domain, a
“finite ascending chains” condition is typically required for termination, and this limits
the usable abstract domains. A remedy is to use techniques of “narrowing” and “widening”.
Even so, termination continues to place a fundamental restriction on the accuracy of the
treatment of values. Avoiding the use of abstract domains leads to important advantages
in terms of accuracy and uniformity. In particular, set-based analysis does not use “depth-limits”
or other a priori restrictions on the sets of values that can be manipulated. We
contend that this reduces the potential for chaotic and unintuitive behaviour.

Another benefit of the simplicity and uniformity of the approximation embedded in set-based
analysis is that the analysis is extensible and flexible. In the course of implementing
a  number  of  prototype  set-based  analysis  systems,  we  have  observed  that  modifications  to 
incorporate  new  features  are  often  straightforward.  For  example,  during  the  development 
of  a  system  for  the  analysis  of  ML  programs,  the  treatment  of  continuations,  side-effects 
and  exceptions  required  only  minor  modifications.  There  appear  to  be  two  reasons  for 
this.  First,  because  set-based  analysis  has  a  simple  and  intuitive  definition,  it  is  usually 
straightforward  to  determine  how  to  treat  new  features.  Second,  because  the  analysis  has 
a  uniform  definition,  the  treatment  of  one  component  of  a  language  is  largely  independent 
of  the  treatment  of  other  aspects  of  the  language,  and  so  the  analysis  can  be  extended  in  a 
modular  manner. 

Of course, the main limitation of set-based analysis is that all inter-variable dependencies
are ignored. Such dependencies can be crucial for some kinds of analysis such as
mode analysis (see [19] for a discussion of this issue). In contrast, abstract interpretation
techniques can retain a limited amount of information about dependencies (although there
is, of course, additional computational cost associated with maintaining information about
dependencies). Motivated by this observation, hybrid approaches that combine aspects of
set constraints with abstract interpretation have been developed [19].

3.5 Efficiency Issues

It  is  difficult  to  quantify  a  comparison  between  set-based  analysis  and  standard  analysis 
techniques. While worst case complexity costs can be obtained, it is not clear what conclusions
we can draw from these results about the practicality of the various approaches.
Moreover,  the  technology  for  implementing  set  constraints  is  still  in  its  infancy.  With  this 
in  mind,  we  now  briefly  describe  results  from  implementations  of  set-based  analysis  for  two 
different  languages. 

The first deals with analysis of logic programs [11], and computes type, mode and sharing
information. This analysis has a worst case exponential complexity. While substantial
progress was made during the development of this implementation, the results indicate that
we are still some distance from practical analysis of medium to large programs. Currently,
top-down analysis of programs of the order of 50 rules can be achieved in a few seconds. As
expected, analysis based on bottom-up semantics is considerably cheaper than for top-down
semantics. One of the main lessons of this implementation is the expense of solving set
constraints involving intersection. Much of the work of the implementation was directed at
reducing this cost.

The second implementation effort provides a contrasting experience. This implementation
[13] focussed on the analysis of ML programs. The core algorithm for this analysis is
$O(n^3)$ in the size of the input program. Typical execution times are in the range of 200-400
lines per second for programs up to several thousand lines in length. The main reason for
the substantial difference between the results from the two implementations seems to hinge
on the fact that intersection is not used in the constraints generated from ML programs.
Based on this observation, we are currently investigating ways of constructing constraints for
logic programs that provide similar levels of accuracy, but either eliminate or substantially
reduce the use of intersection.

The results from the second implementation out-perform current implementations of
comparable abstract interpretation based approaches. There appear to be a number of reasons
for this. In set-based analysis there is only one pass over the program text. In essence,
this performs a “pre-compilation” of the program into a convenient computation form (set
constraints). In contrast, many abstract interpretation systems repeatedly pass over (some
representation of) program text during the iterative fixed-point computation. In set-based
analysis, all approximation is carried out in the translation to set constraints, and so no
approximation operations need to be done during the main computational component of the
analysis (solving set constraints). Furthermore, set constraints are inherently more incremental
than the iterative fixed-point computations of abstract interpretation. In essence,
constraints provide a compact implicit representation of information. This representation
supports computation over partial information that is particularly well suited to efficient
program analysis. We refer to [15] for a deeper discussion of this issue.


3.6  Extensions 

So far we have focussed on the use of set constraints to obtain an approximation of the possible
run-time values of variables in a program. However, the basic process of constructing
set constraints from a program and then solving these set constraints preserves numerous
structural properties of a program. It is therefore possible, with only minor modifications
to the set constraint algorithm, to compute approximations to a variety of other program
properties. We now illustrate this.

Mode Analysis (for Logic Programs)

To adapt set constraints to compute mode information for logic programs, we first change
the underlying set of values from the set of all “ground” terms to the set of all terms. Then
we replace the constant $\top$ by two new constants $ground$ and $any$, which shall denote the set
of all ground terms and the set of all terms respectively. Finally, we modify the definition of
solutions of set constraints to account for these changes. For example, the minimum solution
of $\mathcal{X} \supseteq f(ground, any)$ maps $\mathcal{X}$ into the set of all terms of the form $f(t_1, t_2)$ such that $t_1$ is
ground. The minimum solution of $\mathcal{X} \supseteq f(ground, any, a) \cap f(any, ground, any)$ maps $\mathcal{X}$ into
the set of terms $f(t_1, t_2, a)$ such that $t_1$ and $t_2$ are both ground. The constraints generated
for mode analysis are essentially unchanged, excepting that $any$ and $ground$ may be used to
describe the initial goals. The modifications for solving these new constraints involve steps
such as simplifying $ground \cap any$ into $ground$, and $f(any) \cap ground$ into $f(ground)$. See
[12, 15] for further details. Note that the constants $ground$ and $any$ behave in essentially the
same way as $\top$, and may appear in the output of the algorithm (that is, they may appear
in the explicit representations that are computed by the algorithm). For example, when the
program

    app(nil, Y, Y).
    app(cons(X', X), Y, cons(X', Z)) :- app(X, Y, Z).

is analysed in the context of the goal ?- app(ground, ground, any), the output of the algorithm
relevant to $Call_{app}$ and $Ret_{app}$ is

$Call_{app} = app(ground, ground, any)$

$Ret_{app} = app(nil, ground, ground) \cup app(cons(ground, \mathcal{X}), ground, cons(ground, \mathcal{Z}))$

$\mathcal{X} = nil \cup cons(ground, \mathcal{X})$

$\mathcal{Z} = ground \cup cons(ground, \mathcal{Z})$

Structure Sharing Analysis

Structure sharing analysis seeks information of the following form: given two variables,
determine whether the bindings of these variables can “share” sub-structures (in the sense
that the sub-structures have the same heap location). Such information can be used to
determine when data structures can be updated in place or when they can be garbage
collected. This kind of analysis may be performed by first giving each occurrence of a
function symbol a unique label. Then set constraints are constructed as before, with care to
preserve the labels on function symbols - call the resulting constraints labeled set constraints.
The meaning of these constraints is defined by mapping set expressions into sets of labeled
terms. We refer to [12, 15] for further details.

Interpreted  Function  Symbols 

The  set  constraints  considered  so  far  deal  with  uninterpreted  symbols  so  as  to  correspond 
to the data constructors of the language at hand. For analysis of programs involving operations
such as arithmetic, this approach must be generalized. One possibility is to compute
descriptions of how arithmetic values are obtained. These descriptions are essentially terms
built from arithmetic operations and integers. For example, the description of computations
for a program variable $x$ might be given by

$\mathcal{X} = 0 \cup (\mathcal{X} + 1)$

that is, the set of computations $\{0, 0 + 1, (0 + 1) + 1, \ldots\}$. Clearly, the actual values of $x$
are included in the set $\{0, 1, 2, \ldots\}$. [14] describes how this approach can be applied to the
problem of removing array bounds checks, and this requires that the analysis also reason
about arithmetic tests. An example of the kinds of descriptions that arise in this context
is:

$\mathcal{X} = 0 \cup [LE\ 10](\mathcal{X} + 2)$

where $[LE\ 10]$ is a “restriction” operator that essentially picks those elements from a set
that are less than 10 (in general a restriction operator is of the form $[op\ se]$ where $op$ is
some arithmetic comparison operation and $se$ is some set expression). The least model of
the above equation maps $\mathcal{X}$ into $\{0, 2, 4, 6, 8\}$.


4  Conclusion 

The  calculus  of  set  constraints  was  presented,  and  its  history  of  basic  results  and  applications 
briefly  described.  The  approach  of  set-based  analysis  was  then  presented  in  an  informal 
style,  with  a  focus  on  the  breadth  of  applicability  of  the  technique.  The  relationship  between 
set  constraints  and  set-based  analysis  is  roughly  that  the  approximation  of  a  program  by 
ignoring inter-variable dependencies can be captured by set constraints. It was then argued
that set-based analysis can provide accurate and efficient program analysis.

Abstract

In order to reduce the search space in finite constraint satisfaction problems, a number of different
preprocessing schemes have been proposed. This paper introduces a ‘substitution’ operation for
constraints. This new operation generalises both the idea of enforcing consistency and the notion
of label substitution introduced by Freuder. We show that the constraints in a problem may be
replaced by substitutable subsets in order to simplify the problem without affecting the existence
of a solution. Furthermore, we show how substitutability may be established locally, by considering
only a subproblem of the complete problem.

1  Introduction 

The finite constraint satisfaction problem (or consistent labeling problem) is known to be NP-complete [7].
Such problems may always be solved by an exhaustive search strategy, but this is generally very inefficient.

The  search  space  may  be  reduced  by  enforcing  some  level  of  ‘consistency’  [5]  in  the  problem.  This 
involves  strengthening  the  given  constraints  by  disallowing  labels  or  combinations  of  labels  which  can  be 
eliminated  using  other  constraints.  A  number  of  efficient  algorithms  have  been  proposed  for  achieving 
various  levels  of  consistency  in  a  given  problem  [2,  8,  9]. 

For  some  applications  of  constraints,  notably  problems  arising  in  machine  vision  [3,  10,  11],  it  is  not 
necessary  to  calculate  all  possible  solutions  to  a  given  problem,  only  to  determine  whether  a  solution 
exists,  and  if  so  to  output  a  single  possible  solution.  When  only  a  single  solution  is  required  it  is  possible 
to  generalize  the  notion  of  enforcing  consistency  to  obtain  a  more  powerful  constraint  simplification 
strategy,  which  will  be  called  ‘substitution’.  The  substitution  operation  simplifies  the  given  constraints 
by  removing  labels  or  combinations  of  labels  which  can  be  shown  to  be  unnecessary  when  seeking  a  single 
solution. 

The  idea  that  one  label  may  be  substituted  for  another  in  some  problems,  without  affecting  the 
existence of solutions was first proposed by Freuder in [6]. In this paper we generalize this idea to
apply  to  arbitrary  sets  of  labels  for  arbitrary  sets  of  variables.  This  opens  up  a  wider  range  of  possible 
substitutions  and  allows  us  to  apply  substitution  operations  directly  to  the  constraints  in  a  problem. 

The  motivation  for  the  work  described  here  is  to  extend  the  range  of  simplification  operations  which 
may  be  applied  to  constraints,  in  order  to  identify  more  precisely  the  features  of  a  constraint  satisfaction 
problem  which  give  rise  to  intractability  [4]. 

2  Definitions 

A finite constraint satisfaction problem (CSP) [7, 10] consists of a number of variables which must be
assigned labels from associated domains, subject to a number of constraints. Each constraint specifies
allowed combinations of labels for some subset of the variables, referred to as the scope of the constraint.
We now give a formal definition:

Definition 2.1 A finite constraint satisfaction problem, $\mathcal{P}$, consists of a pair $(X, C)$, where:

• $X$ is a finite set of variables.

• Each $x \in X$ is associated with a finite set of labels, $S(x)$, called the domain of $x$.

• $C$ is a finite set of constraints.

• Each $c \in C$ is associated with a subset, $E(c)$, of $X$, called the scope of $c$.

A mapping $t$ from $Y \subseteq X$ such that $t(x) \in S(x)$, for all $x$, is called a labeling of $Y$.

Each constraint $c \in C$ is a set of labelings of $E(c)$.

Definition 2.2 Let $\mathcal{P} = (X, C)$ be a constraint satisfaction problem.

• Given any constraint, $c \in C$, a labeling $t$ of $E(c)$ is said to “satisfy” $c$ if and only if $t \in c$.

• A labeling $t$ of $X$ is said to be a “solution” to $\mathcal{P}$ if and only if for every $c \in C$, the restriction of $t$
to $E(c)$ satisfies $c$.

The set of all solutions to $\mathcal{P}$ is denoted $Sol(\mathcal{P})$.

To  illustrate  these  definitions,  we  now  give  an  example  of  a  specific  constraint  satisfaction  problem  which 
will  be  used  as  a  running  example. 


[Figure 1: An example of a constraint satisfaction problem]

Example 2.3 Let $\mathcal{P} = (X, C)$ be the constraint satisfaction problem illustrated in Figure 1, in which:

• $X = \{x_1, \ldots, x_5\}$

• $S(x_i) = \{a, b, c\}$, $i = 1, 2, \ldots, 5$

• $C = \{c_1, \ldots, c_4\}$

• The constraint scopes are as follows:

$E(c_1) = \{x_1, x_2\}$

$E(c_2) = \{x_2, x_3, x_4\}$

$E(c_3) = \{x_3, x_5\}$

$E(c_4) = \{x_4, x_5\}$

For this problem, a labeling is a mapping from a subset $Y$ of $X$ into the set $\{a, b, c\}$. For instance if
$Y = \{x_1, x_4\}$, then the mapping $t : Y \to \{a, b, c\}$ with $t(x_1) = a$ and $t(x_4) = c$ is a labeling of $Y$. If we
fix a nominal order for the variables in $Y$, then we can denote a labeling of $Y$ by an $n$-tuple where $n$
is the size of $Y$. Using the natural subscript ordering of the variables the labeling $t$ can be written as
$(a, c)$.

From now on, for convenience, we shall assume that the variables of $\mathcal{P}$ have this natural subscript
order. Using the notation just described, we define the constraints of $\mathcal{P}$ to be as follows:

$c_1 = \{(a,a), (a,c)\}$

$c_2 = \{(a,a,a), (a,a,b), (a,b,b), (b,b,b), (c,c,c)\}$

$c_3 = \{(a,a), (a,b), (b,c), (c,c)\}$

$c_4 = \{(a,a), (b,b), (b,c), (c,c)\}$

To complete this example we will compute $Sol(\mathcal{P})$, the set of all solutions to $\mathcal{P}$. By a simple search
we find that it is composed of four elements. As solutions are simply labelings of the complete set of
variables $X$, we can write them as follows:

$(a, a, a, a, a)$

$(a, a, a, b, b)$

$(a, a, b, b, c)$

$(a, c, c, c, c)$

□

We will sometimes want to deal with subproblems of a given constraint satisfaction problem which arise
from considering subsets of the set of constraints. We therefore make the following definition:

Definition 2.4 Let $\mathcal{P} = (X, C)$ be a constraint satisfaction problem and let $D$ be any subset of $C$. The
reduced subproblem of $\mathcal{P}$ generated by $D$ is the constraint satisfaction problem $\mathcal{P}|_D = (X|_D, D)$, where:

$X|_D = \bigcup_{c \in D} E(c)$

We will make use of the following operations from relational algebra [1]:

Definition 2.5 Let $Y, Z$ be sets of variables with $Z \subseteq Y$. For any labeling $t$ of $Y$, the projection onto $Z$
of $t$, denoted $t[Z]$, is the restriction of $t$ to $Z$. Similarly, for any set $S$ of labelings of $Y$, the projection
onto $Z$ of $S$, denoted $\pi_Z(S)$, is the set $\{t[Z] \mid t \in S\}$.

Definition 2.6 Let $Y, Z$ be sets of variables with $Z \subseteq Y$. For any set $T$ of labelings of $Z$, and any set
$S$ of labelings of $Y$, the selection by $T$ from $S$, denoted $\sigma_T(S)$, is the set $\{t \in S \mid t[Z] \in T\}$.

3 Substitutability

Freuder [6] defined the concept of substitutability for labels in a CSP as follows: given two possible
labels $a$ and $b$ for a variable $x$, $a$ is substitutable for $b$ iff substituting the value $a$ for $b$ at variable $x$ in
any solution yields another solution.

We now generalise Freuder's definition to apply to sets of labelings of arbitrary subsets, rather than
just individual labels for single variables:

Definition 3.1 Let $\mathcal{P}$ be a constraint satisfaction problem with variables $X$, and let $R$ be a subset of $X$.
Given any two sets $T_1, T_2$ of labelings of $R$, we say that $T_2$ is substitutable for $T_1$ in $\mathcal{P}$ if

$\pi_{X-R}(\sigma_{T_1}(Sol(\mathcal{P}))) \subseteq \pi_{X-R}(\sigma_{T_2}(Sol(\mathcal{P})))$

If $T_2$ is substitutable for $T_1$ in $\mathcal{P}$, then we will write $T_1 \stackrel{\mathcal{P}}{\preceq} T_2$.

In other words, given two sets of labelings, $T_1$ and $T_2$, for the same variables, we say that $T_2$ is substitutable
for $T_1$ if the following condition holds: the elements of $T_2$ may be extended to complete solutions
in all the same ways as the elements of $T_1$.

Note that for any problem $\mathcal{P}$ and any sets of labelings, $T_1, T_2$, we have

$T_1 \subseteq T_2 \Rightarrow T_1 \stackrel{\mathcal{P}}{\preceq} T_2.$

The following example illustrates the definition:

Example 3.2 Consider the constraint satisfaction problem $\mathcal{P}$ in Example 2.3. None of the possible
labels for any of the individual variables is substitutable for any other in this example, according to
Freuder's original notion of substitutability.

However, using Definition 3.1 and the list of solutions given in Example 2.3, we can show that the
set of labelings $\{(a,a,a), (c,c,c)\}$ for the variables $x_3$, $x_4$ and $x_5$ is substitutable in $\mathcal{P}$ for $\{(a,b,b)\}$, i.e.

$\{(a,b,b)\} \stackrel{\mathcal{P}}{\preceq} \{(a,a,a), (c,c,c)\}$. □

The next lemma indicates that a constraint in a constraint satisfaction problem may always be replaced
by a substitutable set of labelings without eliminating all of the solutions:

Lemma 3.3 Let $\mathcal{P} = (X, C)$ be a constraint satisfaction problem. If we replace any constraint $c \in C$
by a new constraint $c'$ with the same scope, such that $c \stackrel{\mathcal{P}}{\preceq} c'$, then we obtain a new constraint satisfaction
problem $\mathcal{P}'$ such that

$Sol(\mathcal{P}') = \emptyset \Rightarrow Sol(\mathcal{P}) = \emptyset$

Proof: Note that $Sol(\mathcal{P}) = \sigma_c(Sol(\mathcal{P}))$ and $Sol(\mathcal{P}') = \sigma_{c'}(Sol(\mathcal{P}))$. Hence, if $Sol(\mathcal{P}) \neq \emptyset$ then
$\sigma_c(Sol(\mathcal{P})) \neq \emptyset$, so if $c \stackrel{\mathcal{P}}{\preceq} c'$, then by Definition 3.1 we have $\sigma_{c'}(Sol(\mathcal{P})) \neq \emptyset$, hence $Sol(\mathcal{P}') \neq \emptyset$,
and the result follows. ■

For  the  special  case  of  substitutable  subsets  of  a  given  constraint,  Lemma  3.3  has  the  following  important 
corollary: 

Corollary  3.4  Any  constraint  in  a  constraint  satisfaction  problem  may  be  replaced  by  a  substitutable 
subset  without  affecting  the  existence  of  solutions. 

Furthermore,  in  this  case,  the  solutions  to  the  new  problem  will  simply  be  a  subset  of  the  solutions  to 
the  original  problem. 

Replacing  a  constraint  with  a  substitutable  subset  will  be  called  a  ‘substitution’  operation.  The 
following  example  illustrates  how  this  substitution  operation  may  be  used  to  tighten  the  constraints  in 
a  constraint  satisfaction  problem. 

Example 3.5 Reconsider the constraint satisfaction problem $\mathcal{P}$ defined in Example 2.3.

No proper subset of $c_1$ is substitutable for $c_1$ in $\mathcal{P}$.

The following proper subsets are substitutable for $c_2$ in $\mathcal{P}$:

$\{(a,a,a), (a,a,b), (b,b,b), (c,c,c)\}$

$\{(a,a,a), (a,a,b), (b,b,b), (a,b,b)\}$

$\{(a,a,a), (a,a,b), (a,b,b), (c,c,c)\}$

$\{(a,a,a), (a,a,b), (a,b,b)\}$

$\{(a,a,a), (a,a,b), (c,c,c)\}$

The following proper subsets are substitutable for $c_3$ in $\mathcal{P}$:

$\{(a,a), (b,c), (c,c)\}$

$\{(a,a), (a,b), (c,c)\}$

The following proper subsets are substitutable for $c_4$ in $\mathcal{P}$:

$\{(b,b), (b,c), (c,c)\}$

$\{(a,a), (b,c), (c,c)\}$

□

Definition 3.1 implies that if a set of labelings $T_1$ contains any labeling $t$ which cannot be extended to a
solution of $\mathcal{P}$, then $T_1 \stackrel{\mathcal{P}}{\preceq} (T_1 - t)$. This gives us the following result:

Proposition  3.6  Any  tuple  which  may  be  eliminated  from  a  constraint  in  a  constraint  satisfaction 
problem  by  enforcing  consistency  may  be  removed  by  a  substitution  operation. 

This  means  that  the  substitution  operation  is  a  true  generalization  of  the  notion  of  enforcing  consistency. 

Calculating  the  smallest  substitutable  subset  of  a  constraint  is  as  difficult  as  solving  the  original 
problem.  However,  the  next  result  shows  that  it  is  sufficient  to  establish  substitutability  within  certain 
subproblems. 

Definition 3.7 Let $\mathcal{P} = (X, C)$ be a constraint satisfaction problem.

For any $c \in C$ define the closure of $c$, $\bar{c}$, as follows:

$\bar{c} = \{c' \in C \mid E(c') \cap E(c) \neq \emptyset\}$

Lemma 3.8 Let $\mathcal{P} = (X, C)$ be a constraint satisfaction problem.

For any $c \in C$ and any set $c'$ of labelings of $E(c)$, we have

$c \stackrel{\mathcal{P}|_{\bar{c}}}{\preceq} c' \Rightarrow c \stackrel{\mathcal{P}}{\preceq} c'$

Proof: Assume that $c \stackrel{\mathcal{P}}{\not\preceq} c'$. By Definition 3.1, this means that

$\pi_{X-E(c)}(\sigma_c(Sol(\mathcal{P}))) \not\subseteq \pi_{X-E(c)}(\sigma_{c'}(Sol(\mathcal{P})))$

Hence, there is some $s \in Sol(\mathcal{P})$ such that the restriction of $s$ to $X - E(c)$ is not compatible with any
element of $c'$. In other words, any labeling $s'$ of $X$ which satisfies $c'$ and agrees with $s$ on $X - E(c)$ must
fail to satisfy some constraint in $C$.

By construction, $s'$ satisfies $c'$ and all elements of $C - \bar{c}$, so $s'$ must fail to satisfy some element of
$\bar{c} - c$. Hence $c \stackrel{\mathcal{P}|_{\bar{c}}}{\not\preceq} c'$. ■

Any labelling which is substitutable for a constraint $c$ in $\mathcal{P}|_{\bar{c}}$ will be said to be ‘locally’ substitutable for
$c$. Combining Lemma 3.8 with Corollary 3.4 shows that we may replace any constraint $c$ in a constraint
satisfaction problem $\mathcal{P}$ by a locally substitutable subset without affecting the existence of a solution. For
many problems $\mathcal{P}$, local substitutability may be calculated much more efficiently than substitutability
in $\mathcal{P}$, since it requires solutions to be calculated only for the subproblems generated by the constraint
closures.

However, local substitutability is not implied by (global) substitutability, so using local substitutability
is not guaranteed to find all possible constraint substitutions, as the following example shows:

Example 3.9 Reconsider the constraint satisfaction problem $\mathcal{P}$ defined in Example 2.3. The set $c_3' =
\{(a,a), (b,c), (c,c)\}$ is substitutable in $\mathcal{P}$ for $c_3$ (Example 3.5).

However, if we consider the subproblem $\mathcal{P}|_{\bar{c_3}}$, we find that $Sol(\mathcal{P}|_{\bar{c_3}})$ contains the element $(b, b, b, c)$
so $c_3 \stackrel{\mathcal{P}|_{\bar{c_3}}}{\not\preceq} c_3'$. □

4  Propagation  of  Substitution 

Substitution operations may be propagated to obtain further reductions in the constraints, as the following
example indicates. Note that in this example the use of substitution operations and propagation
is sufficient to obtain a complete solution to the problem.

Example 4.1 Reconsider the constraint satisfaction problem $\mathcal{P}$ defined in Example 2.3. It was shown
in Example 3.2 that the set of labelings

$c_2' = \{(a,a,a), (a,a,b), (a,b,b)\}$

is substitutable in $\mathcal{P}$ for $c_2$ (it is also locally substitutable).

If we replace $c_2$ with $c_2'$ then we obtain a new constraint satisfaction problem $\mathcal{P}'$, and now we find
that $c_1' = \{(a,a)\}$ is substitutable for $c_1$ in $\mathcal{P}'$.

If we replace $c_1$ with $c_1'$ then we obtain a new constraint satisfaction problem $\mathcal{P}''$, and we find that
$c_3' = \{(a,a), (a,b)\}$ is substitutable for $c_3$ in $\mathcal{P}''$.

If we replace $c_3$ with $c_3'$ then we obtain a new constraint satisfaction problem $\mathcal{P}'''$, and we find that
$c_4' = \{(a,a)\}$ is substitutable for $c_4$ in $\mathcal{P}'''$.

Finally, if we replace $c_4$ with $c_4'$ then we obtain a new constraint satisfaction problem with only a
single solution, $(a, a, a, a, a)$. Further substitution operations may therefore be carried out on all of the
constraints to reduce them to a single element, which is the projection of this solution. □

As with the various methods for enforcing different levels of consistency, it is possible to organise the
propagation of substitution operations according to a number of different schemes. One naive algorithm
for repeatedly applying local substitutability and propagating the results is as follows:

Algorithm 4.2

Repeat
    For each constraint c
        For each t ∈ c
            If c :< c − {t} then set c = c − {t}
Until no further changes to constraints.

The complexity of this algorithm depends on the maximum size of a constraint closure, say k, and
the maximum number of labelings permitted by a constraint, say m. The main repeat loop may be
executed at most m|C| times, since at least one element is removed from a constraint on each iteration.
The complexity of checking for substitutability for each constraint element is O(m^k), since each possible
extension must be checked against each other element of c. Hence the overall complexity is O(|C|^2 m^(k+2)).

However, unlike operations which simply enforce consistency, the repeated application of substitution
operations until no more substitution is possible does not always give an invariant result. More
surprisingly, the number of solutions to the resulting problem is not always invariant either, as the following
example shows:

Example 4.3 Reconsider the constraint satisfaction problem V defined in Example 2.3. It was shown
in Example 3.2 that the set of labelings

c'j = {(a, a, a), (a, a, b), (c, c, c)}

is substitutable in V for cj (note that this is a different substitutable set to the one considered in
Example 4.1).

If we replace C3 with C] then we obtain a new constraint satisfaction problem P', and now we find
that = {(a, a), (c, c)} is substitutable for C4 in V.

If we replace C4 with C4 then we obtain a new constraint satisfaction problem V'', and we find that
= {(a, a), (c, c)} is substitutable for C3 in V''.

If we replace cs with then we obtain a new constraint satisfaction problem V'', and we find that
C] = {(a,a,a),(c,c,c)} is substitutable for in V''.

Finally, if we replace C] with Cj then we obtain a new constraint satisfaction problem with two
solutions, (a, a, a, a, a) and (a, c, c, c, c). This constraint satisfaction problem cannot be further reduced
using substitution operations. □

The  implication  of  this  lack  of  invariance  is  that  some  sequences  of  substitution  operations  may  be 
much  more  effective  than  others  in  reducing  the  search  space.  It  is  an  open  question  whether  an  efficient 
algorithm  exists  for  choosing  the  most  effective  sequence  of  substitution  operations,  although  we  strongly 
suspect  that  this  problem  is  as  difficult  as  solving  the  original  problem. 


5  Conclusion 

We  have  presented  a  substitution  operation  which  is  a  true  generalization  of  Freuder’s  notion  of  label 
substitution,  and  also  generalizes  all  forms  of  consistency  enforcement. 

Although  this  substitution  operation  is  most  useful  when  searching  for  a  single  solution,  it  may  also 
be  useful  in  the  case  where  we  want  to  find  all  solutions.  In  such  cases,  it  can  reduce  search  time  by 
showing  more  quickly  that  a  branch  of  the  search  tree  leads  to  no  solutions.  Substitution  operations 
may  be  worth  applying  to  any  constraint  satisfaction  problem  that  has  a  high  probability  of  having  no 
solutions. 
Contradicting Conventional Wisdom in
Constraint Satisfaction

Daniel  Sabin*  and  Eugene  C.  Freuder^ 


Abstract. Constraint satisfaction problems have wide application in artificial intelligence. They
involve finding values for problem variables where the values must be consistent in that they
satisfy restrictions on which combinations of values are allowed. Two standard techniques used
in solving such problems are backtrack search and consistency inference. Conventional wisdom in
the constraint satisfaction community suggests: 1) using consistency inference as preprocessing
before search to prune values from consideration reduces subsequent search effort and 2) using
consistency inference during search to prune values from consideration is best done at the
limited level embodied in the forward checking algorithm. We present evidence contradicting both
pieces of conventional wisdom, and suggesting renewed consideration of an approach which fully
maintains arc consistency during backtrack search.

1  INTRODUCTION 

Constraint satisfaction problems (CSPs) involve finding values for problem variables subject to
constraints that are restrictions on which combinations of values are allowed [15]. They have
many applications in artificial intelligence. (We restrict our attention here to binary CSPs, where
the constraints involve two variables.)

The basic solution method is backtrack search. Often consistency inference (constraint
propagation) techniques are used to prune values before or during search. The basic pruning technique
involves establishing or restoring some form of arc consistency. If a value v for a variable V is
not consistent with any value for some other variable U, then v is arc inconsistent and can be
removed. Full arc consistency is achieved when all arc inconsistent values are removed.

One of the most successful forms of backtrack search has proven to be forward checking [8].
Forward checking combines backtrack search with a limited form of arc consistency maintenance.
Some values are removed that become inconsistent when the problem is modified by the choices
made during the search process.

This paper provides strong experimental evidence contradicting two well-established pieces of
conventional wisdom in the CSP community:

• Conventional CSP wisdom says that using consistency inference in a preprocessing step, to
prune values before search, will reduce the subsequent search effort. There has been some
question as to the degree of consistency preprocessing that is desirable - additional preprocessing
effort may outweigh subsequent search savings [2]. However, it seems an obvious article of faith
that removing values from consideration during a preprocessing step will lead to savings during
the subsequent search step - or at the very least do no harm. We demonstrate that there are
circumstances in which pruning values by consistency preprocessing can in fact greatly increase
subsequent search effort.

• Conventional CSP wisdom says that using consistency inference during search, to prune values
that become inconsistent after making search choices, is best limited to the minimal inference
embodied in the forward checking algorithm. The feeling is that additional search savings
produced by pruning more values will be offset by the additional inference cost. We show that
maintaining full arc consistency during search is often in fact very cost effective.

* Department of Computer Science, University of New Hampshire, Durham, NH, 03824-2604, USA
^ Department of Computer Science, University of New Hampshire, Durham, NH, 03824-2604, USA
To contradict the first piece of conventional wisdom we tested the effects of arc consistency
preprocessing on one of the most popular and successful CSP algorithms: forward checking combined
with dynamic domain size variable ordering. (Dynamic domain size variable ordering prefers to
consider variables that have fewer values left to choose from. It is a popular ordering heuristic. In
a probabilistic analysis, it was shown optimal under certain assumptions by Haralick and Elliott
[8]. It has proven particularly useful in conjunction with forward checking search, and we believe
it to be effective on our test problems.)

Another counterintuitive demonstration that pruning values can increase search effort, was
obtained recently by Prosser. He showed that pruning values can degrade performance for
algorithms that employ “intelligent backtracking” (though the actual exhibited effects were small)
[14]. However, even Prosser concluded that “We should now assume that increased consistency,
or the removal of redundancies, can only guarantee a reduction in search effort if that search is
unintelligent (such as a chronological backtracker).”

Forward  checking  is  a  chronological  backtracker.  However,  we  found  that  removing  values  by 
arc  consistency  preprocessing  made  some  problems  an  order  of  magnitude  more  difficult  to  solve 
by  our  ordered  forward  checking  search.  (In  fairness  to  Prosser  though  one  might  argue  that 
“unintelligent”  should  rule  out  dynamic  search  ordering.)  Note  we  are  not  merely  saying  that 
the  effort  to  do  the  preprocessing  plus  the  effort  to  do  the  subsequent  search  was  an  order  of 
magnitude  greater  than  the  effort  to  do  the  search  without  preprocessing.  We  are  saying  that 
even  if  you  ignore  preprocessing  effort,  searching  the  preprocessed  problems,  which  had  fewer 
values,  was  still  an  order  of  magnitude  harder  than  searching  the  original  problems. 

The  explanation  for  this  counterintuitive  phenomenon  is  that  arc  consistency  preprocessing  is 
counterproductive  when  it  interferes  with  the  functioning  of  the  search  ordering  heuristic.  We 
interpret  our  results  as  implying  that  eliminating  values  can  move  a  problem  far  enough  away 
from  the  assumptions  needed  to  demonstrate  the  “optimality”  of  dynamic  domain  size  search 
ordering  that  the  advantage  of  having  fewer  values  is  more  than  offset  by  the  deterioration  of  the 
ordering  heuristic’s  performance. 

We believe this experience is a useful object lesson in the need to exercise some care in combining
CSP methods: two rights may make a wrong. This lesson is particularly relevant now as new
constraint programming environments are making it easier to combine techniques for customized
algorithms.

To contradict the second piece of conventional wisdom we compared ordered forward checking
with an algorithm that established and maintained full arc consistency. These two algorithms
represent extreme points on a spectrum of algorithms that maintain various amounts of arc
consistency during search.

The conventional wisdom expressed to us by some members of the constraint programming
community already runs counter to the second piece of CSP conventional wisdom. Our
experiments suggest that the constraint programming community has been conventionally wiser in this
regard than the CSP community.

The combination of consistency pruning with backtrack search has a long history [5], [7],
[10]. Various degrees of consistency processing interleaved with backtrack search were studied
experimentally in [8], [11], [13]. A variety of algorithms were considered that alternate choosing
a value for a variable with “looking ahead”, via a constraint propagation process, to infer the
consequences of that choice for pruning the values available for the as yet uninstantiated variables.
The algorithms differed in how much constraint propagation they performed, and thus in the
degree of arc consistency they achieved.

Forward checking is an algorithm which does a minimal amount of constraint propagation, in
the sense that it performs the minimal amount of lookahead needed to avoid having to “look
back”, i.e. to avoid the need to check new choices against previous ones. In experimental studies
forward checking repeatedly proved superior to algorithms interleaving more constraint
propagation.

Of course, the limitations of these experiments were recognized. However, the repeated success
of forward checking began to bias the conventional wisdom in the CSP community in the direction
of “less is more”. For example, in a recent survey of CSP algorithms [9], the section on “How Much
Constraint Propagation Is Useful?” concludes: “Experiments by other researchers [in addition to
Nadel] with a variety of problems also indicate that it is better to apply constraint propagation
only in a limited form”.

Earlier  studies  were  limited,  however,  in  several  key  ways: 

• Many of the experiments were limited to special case problems, especially the Queens problem,
a problem in which constraints exist between all possible pairs of values.

• Random problem experiments were conducted before the recent understanding that most
random problems appear in fact to be easy problems.

• Small sample sets decreased the likelihood of encountering difficult problems.

• The AC-4 approach to arc consistency [12], which is particularly well suited to consistency
maintenance, was not employed.

• The implementation of consistency maintenance may have been less than optimal. In order
to maintain arc consistency one does not need to restart an arc consistency algorithm from
scratch each time backtrack search chooses a value; one only needs to propagate the effects of
the removal of the unchosen values.

In our laboratory several studies began to suggest that “more could be more”. Gevecker studied
full arc consistency maintenance [6] and Freuder and Wallace studied a range of hybrid algorithms
based on a notion of “selective” or “bounded” constraint propagation [4]. However, these results
were still limited in their understanding of the random problem space. Also, they did not employ
the powerful search ordering scheme we alluded to above.

We conduct here experiments on random problems, focusing on the “hard problem ridge”
identified in recent studies of “really hard” random problems [1], [17]. Problems that contradict
the conventional CSP wisdom appear to be pervasive, and orders of magnitude effects are found.

There  are,  of  course,  significant  caveats  to  these  experimental  results.  In  particular,  problems 
of  different  structure  or  size  may  behave  differently.  We  assume  individual  constraint  checks  can 
be  efficiently  computed.  (Each  time  we  ask  if  a  value  v  for  a  variable  X  and  a  value  u  for  a 
variable  Y  satisfy  the  constraint  between  X  and  Y  we  are  performing  a  constraint  check.)  If  this 
were  not  the  case,  maintaining  full  arc  consistency  could  conceivably  require  some  very  expensive 
constraint  check  computation  that  backtracking  or  forward  checking  avoided.  While  we  test  two 
extremes  of  arc  consistency  processing,  optimality  may  lie  between  these  extremes. 

Nevertheless, the performance exhibited here for a variety of difficult random problems
suggests that establishing full arc consistency and maintaining it during search may often be more
efficient than limiting inconsistency removal to the partial arc consistency maintenance provided
by forward checking. Significantly, the full arc consistency approach was particularly effective for
“really hard” problems. As a result the full arc consistency algorithm was rather stable in
comparison to forward checking: it was a bit more costly for some very easy problems, but remained
relatively efficient on problems where the difficulty encountered by forward checking shot way
up.

Section  2  describes  the  algorithms  we  compared.  Section  3  describes  our  experimental  objectives 
and  how  we  generated  test  problems.  Sections  4  and  5  present  the  experimental  results  and  our 
summary  observations.  Section  6  is  a  brief  conclusion. 

2  ALGORITHMS 

Forward checking, which we implement here in an algorithm FC, combines backtrack search with
a very limited form of arc consistency maintenance. The main idea is to project forward the
consequences of variable assignments during search. When a variable X is assigned a value, v,
from domain(X), the set of available values for X, v is checked against the domains of each
variable Y that is as yet unassigned and for which there is a constraint between X and Y. All
values inconsistent with v are removed. This way a limited form of arc consistency is maintained.
(If, during this process, the domain of some variable becomes empty, then no complete extension
of the current assignment set to a solution is possible, and the current assignment for X must be
discarded.) For details on forward checking consult [8].

We describe next an algorithm that combines backtrack search with full arc consistency
maintenance. We call the algorithm MAC for Maintaining Arc Consistency. The algorithm is a
combination of old ideas, which we give a new name because the combination is unique and the name
is evocative. However, it is essentially a modern version of Gaschnig’s CS2 [5].

We describe MAC in some detail, in order to make this paper more self-contained, and to clarify
precisely how we combined search with constraint propagation, for anyone wishing to replicate
or extend our experiments.

MAC uses the same basic framework as forward checking, alternating search and consistency
inference steps, but differs conceptually in two aspects:

•  The  constraint  network  is  made  arc  consistent  initially. 

•  When  during  the  search  a  new  variable  X  is  instantiated  to  a  value  v,  all  the  other  values  in  the 
domain  are  eliminated  and  the  effects  of  removing  them  are  propagated  through  the  constraint 
network  as  necessary  to  restore  full  arc  consistency. 

As underlined in [12], arc consistency is based on the notion of support. Let v be a value in
domain of X. Value v has support as long as for each of the variables Y for which there is a
constraint between X and Y, there is at least one value u such that the pair (v, u) satisfies that
constraint. Once there exists a variable for which no remaining value is consistent with v, then v
must be eliminated from the domain of X.

The algorithm proposed in [12], known as AC-4, keeps track of this support explicitly, by
maintaining a counter for each arc-value pair, Counter[(Xi,Xj),a], representing the number of
values in the domain of Xj supporting (Xi,a), the value a for Xi. Whenever the counter for some
assignment becomes 0, that domain value has to be eliminated.

To make this work efficiently, AC-4 keeps track of which values support which other values. For
each value b in the domain of Xj a set S_{Xj,b} = {(Xi,a) | (Xj,b) supports (Xi,a)} is constructed.
Then, if value b is eliminated from the domain of Xj, Counter[(Xi,Xj),a] must be decremented
for each (Xi,a) in S_{Xj,b}. Two additional data structures are used by AC-4 besides those already
mentioned. The table Marked[Xi, b] = 1 if b has been eliminated from the domain of Xi. The list
Agenda maintains all pairs (Xi, b), where value b has been deleted from the domain of Xi but
the effects of the deletion have not yet been propagated. The process of propagating the effects
of deletions is guided by the list, which specifies which deletion to process next.

Basically,  MAC  uses  the  same  data  structures  as  AC-4  and  consists  of  three  main  components: 

•  initialization:  construct  and  initialize  the  support  counters 

•  propagation:  prune  the  inconsistent  domain  elements  and  propagate  arc-consistency  through 
the  constraint  graph 

•  search: 

The  algorithm  is  presented  in  Figure  1. 

We also combined arc consistency and search in a simpler manner than that embodied by
FC and MAC. A single preprocessing pass to achieve some form of consistency has often been
used before some form of subsequent search. Waltz’s well-known scene labeling experiments [16]
are an early example of the success of this basic approach. We will refer to the combination
of arc consistency preprocessing followed by forward checking search as AC-FC. (The AC
algorithm employed in AC-FC is also AC-4-based, though not identical in implementation to the arc
consistency processing employed by MAC.)

The order in which variables are considered for instantiation during search has been found to
be extremely important. The simple heuristic that chooses a variable with minimal domain size
to process next can be very effective when used with forward checking. We employ this heuristic
here for FC, MAC and AC-FC. As we always use this heuristic (except when we explicitly test
the effect of eliminating it) we will not bother to repeatedly refer to “ordered FC” etc., but the
ordering should be kept in mind.
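The MAC scheme described in this section, as an added Python example (not the authors' implementation): support counters, supported-value lists, marks and an agenda as in the AC-4 description, with minimal-domain-size variable ordering. The names `MAC`, `mac`, `live`, `checks` and `n_queens_csp` are hypothetical, the Queens instance is a constructed test problem, and the explicit propagation step right after initialization is an assumption that makes the network arc consistent before the first search choice.

```python
from collections import defaultdict

class MAC:
    """Backtrack search with full arc-consistency maintenance (AC-4 style counters).
    domains: {variable: iterable of values}
    constraints: {(X, Y): set of allowed (x, y) pairs}, one entry per constrained pair.
    """

    def __init__(self, domains, constraints):
        self.dom = {x: list(vals) for x, vals in domains.items()}
        self.arcs = {}  # each constraint is stored as two directed arcs
        for (x, y), allowed in constraints.items():
            self.arcs[(x, y)] = set(allowed)
            self.arcs[(y, x)] = {(b, a) for a, b in allowed}
        self.marked = set()                 # eliminated (variable, value) pairs
        self.counter = {}                   # (Xi, Xj, a) -> supports of (Xi, a) left in Xj
        self.supported = defaultdict(list)  # (Xj, b) -> [(Xi, a), ...] that b supports
        self.agenda = []                    # deletions whose effects are not yet propagated
        self.checks = 0                     # constraint checks performed

    def live(self, x):
        return [v for v in self.dom[x] if (x, v) not in self.marked]

    def initialize(self):
        for (xi, xj), allowed in self.arcs.items():
            for a in self.dom[xi]:
                total = 0
                for b in self.dom[xj]:
                    self.checks += 1
                    if (a, b) in allowed:
                        total += 1
                        self.supported[(xj, b)].append((xi, a))
                if total:
                    self.counter[(xi, xj, a)] = total
                elif (xi, a) not in self.marked:
                    self.marked.add((xi, a))
                    self.agenda.append((xi, a))
                    if not self.live(xi):
                        return False
        return True

    def propagate(self):
        while self.agenda:
            xj, b = self.agenda.pop()
            for xi, a in self.supported[(xj, b)]:
                self.counter[(xi, xj, a)] -= 1
                if self.counter[(xi, xj, a)] == 0 and (xi, a) not in self.marked:
                    self.marked.add((xi, a))
                    self.agenda.append((xi, a))
                    if not self.live(xi):
                        return False  # domain wipe-out
        return True

    def search(self, variables, solution):
        if not variables:
            return solution
        # Dynamic ordering: smallest remaining domain first (ties broken by name).
        xi = min(sorted(variables), key=lambda x: len(self.live(x)))
        live = self.live(xi)
        if not live:
            return None
        a = live[0]
        saved = (set(self.marked), dict(self.counter))
        self.agenda = [(xi, b) for b in live[1:]]  # commit to a: drop the alternatives
        self.marked.update(self.agenda)
        if self.propagate():
            found = self.search(variables - {xi}, {**solution, xi: a})
            if found is not None:
                return found
        self.marked, self.counter = saved          # undo, then rule out a itself
        self.marked.add((xi, a))
        self.agenda = [(xi, a)]
        if not self.propagate():
            return None
        return self.search(variables, solution)

def mac(domains, constraints):
    """Return one solution as {variable: value}, or None if there is none."""
    solver = MAC(domains, constraints)
    # Assumption: propagate the initial deletions before the first search choice.
    if not (solver.initialize() and solver.propagate()):
        return None
    return solver.search(frozenset(solver.dom), {})

def n_queens_csp(n):
    """Constructed test problem: rows are variables, columns are values."""
    domains = {r: range(n) for r in range(n)}
    constraints = {
        (r1, r2): {(c1, c2) for c1 in range(n) for c2 in range(n)
                   if c1 != c2 and abs(c1 - c2) != r2 - r1}
        for r1 in range(n) for r2 in range(r1 + 1, n)
    }
    return domains, constraints

if __name__ == "__main__":
    print(mac(*n_queens_csp(6)), mac(*n_queens_csp(3)))
```

The `checks` counter only grows inside `initialize`, which matches the later remark that constraint checks are not an appropriate effort measure for MAC.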

3  EXPERIMENTAL  DESIGN 

Our  objective  was  to  address  the  following  questions: 

•  Is  the  conventional  wisdom  sometimes  wrong? 

• Can it be “very wrong”? By orders of magnitude?

• How are the results that run counter to conventional wisdom distributed in random problem
space? Where do they occur, how often and at what magnitude?

• How do these results relate to problem difficulty?

• Are these results significant for “really hard” problems?

procedure INITIALIZE( variables ) is:
    for each variable Xi ∈ variables do
        for a ∈ domain(Xi) do
            Marked[Xi, a] ← 0
            Supported[Xi, a] ← ∅
    Agenda ← ∅
    for each constraint (Xi, Xj) ∈ the constraint graph do
        for a ∈ domain(Xi) do
            total ← 0
            for b ∈ domain(Xj) do
                if (a, b) satisfies constraint (Xi, Xj) then
                    total ← total + 1
                    Supported[Xj, b] ← Supported[Xj, b] ∪ (Xi, a)
            if total = 0 then
                Marked[Xi, a] ← 1
                Agenda ← Agenda ∪ (Xi, a)
                if Marked[Xi, b] = 1, ∀ b ∈ domain(Xi) then
                    return FAILURE
            else
                Counter[(Xi,Xj), a] ← total
    return SUCCESS

procedure PROPAGATE( Agenda ) is:
    while Agenda ≠ ∅ do
        select and remove (Xj, b) from Agenda
        for (Xi, a) ∈ Supported[Xj, b] do
            Counter[(Xi,Xj), a] ← Counter[(Xi,Xj), a] - 1
            if Counter[(Xi,Xj), a] = 0 and Marked[Xi, a] = 0 then
                Agenda ← Agenda ∪ (Xi, a)
                Marked[Xi, a] ← 1
                if Marked[Xi, c] = 1, ∀ c ∈ domain(Xi) then
                    return FAILURE
    return SUCCESS

procedure SEARCH( variables, solution ) is:
    if variables = ∅ then
        report solution
        return SUCCESS
    Xi ← select one variable ∈ variables
    if Marked[Xi, a] = 1, ∀ a ∈ domain(Xi) then
        return FAILURE
    a ← next unmarked value ∈ domain(Xi)
    save values of Marked and Counter data structures
    for b ∈ domain(Xi) \ {a} and Marked[Xi, b] = 0
        Agenda ← Agenda ∪ (Xi, b)
        Marked[Xi, b] ← 1
    if PROPAGATE( Agenda ) = SUCCESS and
       SEARCH( variables \ {Xi}, solution ∪ (Xi, a) ) = SUCCESS then
        return SUCCESS
    restore values of Marked and Counter data structures
    Agenda ← (Xi, a)
    Marked[Xi, a] ← 1
    return PROPAGATE( Agenda ) and
           SEARCH( variables, solution )

algorithm MAC( variables ) is:
    if INITIALIZE( variables ) = FAILURE then
        return FAILURE
    return SEARCH( variables, ∅ )

Figure 1. MAC Algorithm

We  performed  tests  with  FC,  MAC  and  AC-FC  to  address  these  questions.  We  addressed  the 
problem  of  finding  a  single  solution  to  a  CSP  (or  determining  that  no  solution  exists). 

The test problems are random binary CSPs: each constraint is a relation involving two
variables. They are generated according to a (constant) probability of inclusion model, which we will
describe briefly.

A  problem  is  generated  given  several  parameters,  whose  meaning  we  will  explain: 

•  the  number  of  variables 

•  the  number  of  values  for  a  variable  (initially  the  same  number  for  each  variable) 

•  the  expected  constraint  density 

•  the  expected  constraint  tightness 

One way to represent binary constraints is with constraint graphs, vertices corresponding to
variables and edges to constraints. Since we want to deal only with connected constraint graphs
(connected components of unconnected graphs can be solved independently), the number of edges
for a graph with N vertices is at least N-1 (for a tree) and at most (for a complete graph).

As a consequence, we define constraint density as the fraction of the possible constraints, beyond
the minimum N-1, that the problem has. For example, a CSP with a tree structured constraint
graph has a constraint density of 0 and a CSP with a complete constraint graph, containing all
possible edges, has a constraint density of 1. In the general case, the number of edges for a CSP
with a constraint graph with N vertices and a constraint density of (a number between 0 and
1) is N - 1 + - (N - 1)).

Constraint tightness is defined as the fraction of all possible pairs of values from the domains
of two variables, that are not allowed by the constraint. For example, if the constraint between
two variables with domains {a, b} and {c, d} does not allow the pairs (a, c) and (a, d) and (b,
c), then the constraint tightness is .75.

Basically, in our problems a specific constraint is present, or a specific pair of values is permitted
by a constraint, with a probability based on the expected density and tightness specified for the
problem. This problem generation method permits some variation in actual values for the density
and tightness compared with the expected ones. Averaged over many constraints we expect the
actual values to be close to the expected values, but it should be noted, in particular, that the
tightness of an individual constraint within a problem can vary.

We do not allow problems to contain any null constraints (that do not allow any pair of values,
and make the problem trivially unsolvable) or any trivial “constraints” (that allow all pairs of
values, and are not usually represented by an edge in the constraint graph). We insure that
constraint graphs are connected by initially randomly generating a tree of constraints.
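One way to realise the generation model described above, as an added Python example (not the authors' generator). The function names are hypothetical, and the way the random tree is drawn and the redrawing of null or trivial constraints are assumptions; the density measure uses the fact that a complete graph on n vertices has n(n-1)/2 edges.

```python
import random
from itertools import combinations


def random_binary_csp(n, d, density, tightness, rng):
    """Return {(u, v): allowed value pairs} for n variables with domains 0..d-1."""
    if n < 2 or d < 2 or not 0.0 < tightness < 1.0:
        raise ValueError("need n >= 2, d >= 2 and 0 < tightness < 1")
    # 1. A random spanning tree guarantees a connected constraint graph.
    order = list(range(n))
    rng.shuffle(order)
    edges = set()
    for k in range(1, n):
        u, v = order[k], order[rng.randrange(k)]
        edges.add((min(u, v), max(u, v)))
    # 2. Every other possible edge is included with probability `density`.
    for edge in combinations(range(n), 2):
        if edge not in edges and rng.random() < density:
            edges.add(edge)
    # 3. Each value pair is disallowed with probability `tightness`; null and
    #    trivial constraints are redrawn (the redraw is an assumption).
    pairs = [(a, b) for a in range(d) for b in range(d)]
    constraints = {}
    for edge in sorted(edges):
        allowed = set()
        while not 0 < len(allowed) < len(pairs):
            allowed = {p for p in pairs if rng.random() >= tightness}
        constraints[edge] = allowed
    return constraints


def actual_density(n, constraints):
    """Fraction of the edges beyond the n-1 tree edges that are present."""
    extra_possible = n * (n - 1) // 2 - (n - 1)
    return (len(constraints) - (n - 1)) / extra_possible if extra_possible else 0.0


def actual_tightness(d, constraints):
    """Mean fraction of disallowed value pairs per constraint."""
    return sum(1 - len(a) / (d * d) for a in constraints.values()) / len(constraints)


def is_connected(n, constraints):
    """Depth-first reachability check from vertex 0 over the constraint graph."""
    adj = {v: set() for v in range(n)}
    for u, v in constraints:
        adj[u].add(v)
        adj[v].add(u)
    seen, stack = {0}, [0]
    while stack:
        for w in adj[stack.pop()] - seen:
            seen.add(w)
            stack.append(w)
    return len(seen) == n


if __name__ == "__main__":
    # Constructed run with the problem size used in the paper's main experiments.
    csp = random_binary_csp(50, 8, 0.08, 0.50, random.Random(1994))
    print(len(csp), round(actual_density(50, csp), 3), round(actual_tightness(8, csp), 3))
```

Comparing `actual_density` and `actual_tightness` with the requested parameters shows the variation between actual and expected values that the text mentions.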

The  main  experiments  reported  below  used  problems  with  50  variables,  each  having  a  domain 
of  8  values.  There  is  nothing  magic  about  these  numbers;  we  simply  wanted  problems  of  a  size 
large  enough  to  permit  us  to  exhibit  significant  savings  and  small  enough  so  that  they  would  not 
require  great  amounts  of  processing  time.  We  experimented  some  with  different  size  problems, 
but  a  more  systematic  study  is  left  for  future  work. 

Based on recent research on really hard problems we expected to find that many random
problems are easy, but that if we hold one of either tightness or density fixed, and vary the other
sufficiently, that we will encounter a complexity “peak”. Together these peaks form a complexity
“ridge” in “tightness/density” space. We were particularly interested in performance on this
ridge.

When we compared FC with AC-FC we used constraint checks as our measure of effort. Since
constraint checks are not an appropriate measure for MAC (the only constraint checks are done
during the initializing phase) we used CPU time to measure its performance and to compare it
with FC and AC-FC.

4  ON  PRUNING  CONSIDERED  HARMFUL 

The  data  reported  here  are  for  problem  parameter  values  chosen  to  exhibit  the  phenomenon 
dramatically.  Our  intuition,  which  requires  further  exploration,  is  that  the  phenomenon  is  more 
likely  to  occur  at  low  densities  and  near,  but  not  at,  peak  difficulty  areas. 

We used problems with 50 variables and an initial domain size of 8 values for each variable.
For each of four density values .06, .07, .08 and .09 five random problems were generated with a
tightness of .50. We measured constraint check effort for AC preprocessing, for FC search after
AC preprocessing and for FC search without AC preprocessing. We also measured CPU time for
AC-FC, FC and MAC. Table 1 presents the results.

Our main observations:

•  AC-FC  performed  worse  than  FC  on  average  for  some  problem  sets  and  an  order  of  magnitude 
worse  on  some  problems.  Pruning  the  search  tree  by  eliminating  some  domain  values  can 
sometimes  greatly  increase  subsequent  search  effort  for  the  popular  combination  of  forward 
checking  and  dynamic  variable  ordering  based  on  minimal  domain  size. 

•  FC  was  sometimes  superior  to  AC-FC  because  the  preprocessing  effort  for  the  AC  phase  was 
larger  than  any  possible  savings  in  the  FC  phase,  indeed  larger  than  the  entire  FC  effort  with 
or  without  AC  preprocessing. 

•  More  significantly  the  FC  search  effort  itself,  after  preprocessing,  was  sometimes  much  greater 
than  the  FC  search  effort  without  preprocessing. 

• MAC, which employs the more extensive full arc consistency maintenance, was superior to
both FC and AC-FC except on some very simple problems. (We will have further data on the
comparison of MAC and FC in the next section.) Since MAC incorporates an AC preprocessing,
we have a situation where adding some additional consistency processing, in the form of AC
preprocessing alone, can decrease performance, but adding even more consistency processing,
in the form of AC preprocessing plus full AC maintenance, can help.

In order to verify that it is indeed the ordering that is at issue, we took some other easy
problems where AC-FC was inferior to FC, and ran AC-FC and FC on them without any variable
ordering heuristic (in fact lexical ordering). Without the ordering heuristic the phenomenon
of preprocessing making matters worse did indeed disappear. (Without the ordering, however,
performance was much worse than either FC or AC-FC with the ordering.)

Table 1. Performance of AC-FC, FC, MAC

5  MORE  IS  MORE 

Again we used problems with 50 variables, each having a domain of 8 values. For this experiment,
however, we used more combinations of density and tightness values to provide broad coverage of
the “density/tightness space”. For each combination of density and tightness values, we generated
ten random problems, for a total of 1,200 problems.

Figures 2a - 2e present the performance of FC and MAC, as average values over the ten problems
generated for each pair (density, tightness). We used five values for the tightness parameter: .150,
.325, .500, .675 and .850. For tightnesses .150, .325, .850, 20 equally distanced density values were
taken throughout the entire range [0.05, 1]. For tightness .500, 20 equally distanced density values
were taken throughout the entire range [0.015, 0.965]. For tightness .675, 40 equally distanced
density values were taken throughout the entire range [0, 0.975]. The performance is expressed
as seconds of CPU time (on a SUN 4) necessary either to find a solution or to discover that there
is none.

Just viewing averages can be misleading. For example, one problem in a set of ten can be so
much harder than the others that it dominates the result. For each tightness value (except .850,
for which all the problems were very easy to solve), Table 2 presents data on the ten individual
problems in the problem set with the highest average difficulty.

Our main observations:

• Overall, establishing and maintaining full arc consistency during search was more efficient than
limiting inconsistency removal to the partial arc consistency maintenance embodied in forward
checking. MAC performed better than FC throughout the density/tightness space, except on
some very easy problems.

• MAC was often at least an order of magnitude better than FC on the complexity peaks.

• The advantage of MAC along the complexity ridge exhibited in Table 2 increased as we moved
toward the less dense, more tightly constrained end.


[Figure: performance plots, axis CPU time [sec]; caption fragment: "... using CPU time to measure the performance"]

Table 3. Performance of FC, MAC, expressed in terms of total CPU time

6 CONCLUSION

We  have  demonstrated  that  preprocessing  to  prune  values  can  counterintuitively  increase  search 
effort  under  the  right  circumstances.  We  have  demonstrated  that  more  arc  consistency  processing 
than  embodied  in  forward  checking  can  reduce  search  effort  unexpectedly  often. 

“Two rights can make a wrong” and “a little knowledge can be a dangerous thing”. Arc consistency
preprocessing before ordered forward checking search can degrade performance significantly;
however, when, in addition, arc consistency is fully maintained during search, performance can
be enhanced significantly.

The performance, in our experiments, of an algorithm that operates by maintaining full arc
consistency throughout backtrack search suggests that it be reconsidered by the CSP community
as an alternative to algorithms that only obtain partial or temporary arc consistency. This
algorithm seems especially worth considering for situations where difficult, as opposed to merely
large, problems may be encountered with some frequency. Indeed, for these problems we speculate
that it may prove profitable to reexamine next the utility of maintaining even higher levels
of consistency [3].

Abstract

There are generally three approaches to constraint satisfaction and optimization: domain-filtering,
tree-search labelling and solution repair. The main attractions of repair-based algorithms
over domain-filtering and/or tree-search algorithms seem to be their scalability, reactivity
and applicability to optimization problems. The main detraction of the repair-based algorithms
appears to be their failure to guarantee optimality. In this paper, a repair-based algorithm that
guarantees to find an optimal solution, if one exists, is presented. The search space of the
algorithm is controlled by no-good backmarking, a learning process that records generic patterns
of no-good partial labels in order to stop the repeated traversing of those failed paths of a
search tree. Unlike some similar repair-based methods which usually work on complete (but
possibly inconsistent) labels, the proposed algorithm works on partial (possibly inconsistent)
labels by repairing those variables that contribute to the violation of constraints in the spirit
of dependency-directed backjumping. In addition, the algorithm will accept a repair if it can
minimise the conflicts of a label even if it does not eliminate them. To control the space of
no-good patterns, we propose to generate the most generic no-good pattern as early as possible.
To support dynamic constraint satisfaction, we introduce several strategies to maintain no-good
patterns on the tradeoffs between space, efficiency and overheads. In particular, through the
comparisons with other works, we suggest possible strategies to improve the proposed method.


Keywords: Constraint Satisfaction and Optimization, Backmarking, Learning, Backjumping,
Repair-based Methods, Simulated Annealing, Tabu Search, No-good recording and No-good
Justification.
1 Introduction

The importance of constraint satisfaction and optimization is well-recognized [Fox & Sadeh 93].
Scheduling is perhaps the most characteristic real-world application of this field of research
[Atabakhsh 91]. A constraint problem can be specified as consisting of a (possibly empty) objective
function and a set of constraints on n variables (X1, .., Xn) each of which can be assigned a value
from its associated domain (D1, .., Dn). A complete (cf. partial) label for a constraint problem is
simply an assignment of a value for every (cf. some) variable from its associated domain. A
consistent label is a label that satisfies all the constraints. Labelling is the process of finding
a consistent label for a constraint problem. A solution label is a complete and consistent label.
An optimal label is a solution label that optimizes the objective function. Constraint satisfaction
problems aim to find a solution label, while constraint optimization problems try to look for an
optimal label. The objective constraint of a constraint problem is the constraint associated with
the objective function. It is a soft constraint in the sense that the value of the function is not
necessarily fixed and is intended to be optimized.

Many different techniques have been developed over the years [Nadel 89]. They have all proved
empirically and theoretically successful for many applications although it is a commonly
acknowledged fact that no single technique is universally good for all the constraint problems.
Despite the diversity of these techniques and their hybrid nature, it may be possible to classify
them among three classes: domain-filtering, tree-search and repair-based techniques.

Domain-filtering techniques seek to filter out elements of the domains of variables that do not
participate in any solutions of a constraint problem. They are generally incomplete in the sense
that not all such elements are filtered out. For efficiency reasons, local consistency domain-filterings
[Mackworth 77] such as arc-consistency and path-consistency are usually adopted. Domain-filtering
techniques however do not produce a solution for a constraint problem. Even if it is complete, not
every combination of the filtered domains of the variables is necessarily a solution. Labelling is
thus usually performed at a separate stage that involves some tree-search techniques [Nadel 89].

Tree-search techniques follow the paths of a search tree in some regular fashion by constructing
and extending partially consistent labels [Freuder & Wallace 92]. They usually work in a
backtracking fashion together with backmarking and/or backjumping. Backmarking marks the
combination of values that have been proven to be satisfiable or unsatisfiable in order to reduce
the redundant (thrashing) and normally expensive constraint checks. Backjumping performs
dependency-directed backtracking to the highest point of a search tree that contributes to the
current failure in order to prune the search paths.

Repair-based techniques usually work on complete but possibly inconsistent labels by repairing
them gradually towards a correct or optimal solution. This approach is naturally extensible to
reactive scheduling [Minton et al 92] since it always repairs on a complete label or schedule. It is
also easily extensible to optimization because the repair process is usually based on some estimated
cost. Notable representatives of repair-based techniques are hill-climbing, simulated annealing and
genetic algorithms. A key issue here is to avoid being trapped in a local minimum in a repair process.
Hill-climbing generally involves repairing variables in conflict in such a fashion as to minimize the
conflicts or to reduce the cost [Minton et al 92]. Simulated annealing [Kirkpatrick et al 83] on
the other hand provides a temperature control to enable the repair method to jump out of a local
minimum by allowing the possibility of a locally repaired label with a higher cost. To avoid looping
in the repair process, tabu search [Hertz & de Werra 87] keeps track of a buffer of forbidden moves
between complete labels. To be on the safe side, genetic algorithms [Schraudolph 91] maintain a
pool of potentially “healthy” and complete labels which can be jointly (via a cross-over operation)
or individually (via a mutation operation) repaired.

Unlike tree-search techniques which usually have a complete search space, repair-based techniques
do not normally enjoy this luxury. This is of course double-edged. On one hand, the repair
techniques often jump easily around the search space and greedily expect to find an approximately
optimal solution in a fairly quick time for some large constraint problems¹. On the other
hand, the repair-based techniques regrettably do not guarantee to find the optimal solution of a
constraint problem.

¹ This is one reason why repair-based techniques are generally regarded as scalable.

The purpose of this paper is to present a repair-based technique (NG-Backmarking) that combines
the advantages of the three classes of techniques mentioned above. This technique performs
an indirect domain filtering by no-good backmarking - a process that records the most generic
partial labels that are known to have violated some constraints of a constraint problem. The
technique can also accommodate a domain-filtering technique both in a preprocessing phase and in the
labelling phase of a repair process.

Like tree-search techniques, the proposed technique also incorporates a backjumping strategy so
that only culprit variables that contribute to the violation of some constraints are being repaired.
However, unlike tree-search techniques, the new technique neither backtracks nor backjumps nor
backmarks along a fixed regular search structure (eg. chronological backtracking or dependency-directed
backtracking). Rather it jumps about the search space and prunes where it can using
no-good backmarking that records learnt information about “bad” partial labels. In particular, the
technique attempts to produce the most generic no-good patterns as early as possible in order to
reduce both the space and time overheads of the no-good patterns. Unlike a simple learning strategy
(e.g. [Dechter 90]), the technique is also equipped with dynamic support of no-good patterns to
deal with constraint maintenance. We propose several strategies to control such dynamic support.

Unlike the no-good justification method [Maruyama et al 91, 92] that inspired the proposed
technique here, the NG-Backmarking technique can accept a local repair if it minimises the conflicts
(or the cost) of a label even if the resultant label does not eliminate all the conflicts. However
unlike similar repair-based methods (eg. min-conflict hill-climbing repair) which usually work on
complete (but possibly inconsistent) labels, the NG-Backmarking technique can repair partial and
inconsistent labels. In particular, the no-good backmarking process can be seen as a generalization
of the tabu search in simulated annealing as it can forbid moves between partial (not just complete)
labels. Finally it will be noted that the new technique can be incorporated with some genetic
algorithms as the no-good backmarking process maintains a pool of generic partial labels that
require repairs. These partial labels can be jointly repaired or individually repaired.

This paper is organized as follows. In Section 2, two constraint problems are defined. They will
be used to illustrate the ideas of the proposed method later on. In Section 3, the NG-Backmarking
technique is presented. In Section 4, the control of the backmarking process in the NG-Backmarking
technique is discussed. In Section 5, we propose several strategies to deal with the maintenance
of no-good patterns in dynamic constraint satisfaction. In Section 6, we provide our experimental
results and analysis of the technique. In Section 7, comparisons and contrasts with other well-known
techniques are made and some hybrid modifications that might enhance the NG-Backmarking
technique are suggested.

2 Travelling Salesman Problem and Capital Budget Problem

In this section, we define two constraint problems: the Travelling Salesman Problem (TSP) and
the Capital Budget Problem [Taha 92]. These problems are chosen purely for illustrative purposes.
They are not intended to be representative of the kind of real-world applications that is best
solved by the proposed NG-Backmarking technique.

Problem 1 (n-city TSP) The n-city TSP problem is to construct a least costly tour visiting each city
exactly once in an n-city map.

For reasons of clarity, we index the cities in an n-city TSP by numbers ranging from 0 to n-1 and we specify
each tour/label of an n-city TSP by a sequence of n numbers ranging from 0 to n-1. For example, 01123 is
a label (in this case, an inconsistent one) of a 5-city TSP. From a constraint satisfaction point of view, the
variables are then the first city to be travelled to, the second city to be travelled to, .., and the nth city to be
travelled to. If a variable is undefined in a partial label, we will use U to indicate its status, eg. 00U12.

Problem 2 (Capital Budget) Five projects are being considered for execution over the next 3 years. The
expected returns for each project and the annual expenditure (in £K) are tabulated below. The problem seeks
to decide which of the five projects should be executed over the 3-year planning period. In this regard, the
problem reduces to a “yes-no” decision for each project. We formalize the decision problem by treating each
project as a variable whose domain is {0,1} where the value 0 represents “no” and the value 1 represents
“yes”.


                     Expenditures
Project            Year 1   Year 2   Year 3   Returns
1                    5        1        8        20
2                    4        7       10        40
3                    3        9        2        20
4                    7        4        1        15
5                    8        6       10        30
Available funds     25       25       25

The constraint satisfaction and optimisation specification then becomes

maximize z = 20x1 + 40x2 + 20x3 + 15x4 + 30x5

subject to the following resource constraints, where xi ∈ {0, 1} for i = 1, 2, .., 5.

5x1 +  4x2 + 3x3 + 7x4 +  8x5 ≤ 25
 x1 +  7x2 + 9x3 + 4x4 +  6x5 ≤ 25
8x1 + 10x2 + 2x3 +  x4 + 10x5 ≤ 25

For  simplicity,  we  represent  a  label  for  the  capital  budget  problem  as  a  sequence  of  integers  in  the  set  {0,1}, 
eg.  01011. 

3  No-good  backmarking  with  min-conflict  repair 

NG-Backmarking is a complete repair-based method that works on partial and possibly inconsistent
labels. Its architecture is based on the no-good justification algorithm which involves assigning and
deassigning variables of a partial label until a complete and consistent label is generated. However
instead of using a dynamically evolving and rather costly set of justifications (or constraints) as
in the no-good justification approach, the new algorithm works on a fixed set of initial constraints
together with a dynamically generated but simple set of no-good patterns. These patterns are
partial labels (generated by no-good backmarking) to indicate that these partial labels violate some
constraints and should be repaired. They are used to prune the search space of a constraint problem.

In the no-good justification approach, the set of no-good justifications and the size of each
no-good justification can grow combinatorially large. This point is supported by our implementation
of the algorithm applied to the TSP problem and the Capital Budget problem. Since checking a
no-good justification can be an expensive operation, the size of the no-good justification set has a
significant impact on the performance of the algorithm. Although it is possible to remove some of
them because they are subsumed by others, subsumption check can be very inefficient and the set
can still be rather large at some intermediate stages of the algorithm.

In contrast, while the set of no-good patterns can still grow combinatorially large, the size of each
no-good pattern stays the same (if not smaller). In addition, the no-good patterns are simple to
check and the subsumption check is also a straightforward operation. For example, given {01UU2,
01UU4} in the database of no-good patterns, if a new no-good pattern 01UUU is generated, the
subsumption check will remove {01UU2, 01UU4} before inserting 01UUU into the database. It is
important to note that no-good patterns are not permutations of all the labels that violate some
constraints. They are generic patterns that correspond to the most general partial labels that so
far violate some constraints. The objective is to reduce both the spatial and temporal overheads
of the no-good patterns in the spirit of the no-good justifications in ATMS [de Kleer 90] where the
minimum partial labels that violate some constraints are created.

Although it is claimed in [Maruyama et al 91] that no-good justifications provide more generic
constraints than no-good patterns in some cases, the extra efforts in checking the satisfiability of
these justifications appear to far outweigh their advantage of generality. For example, when a
partial label L is first known to be no good, L will be generated as a no-good pattern. So if the
label L pops up again in later repairs, it will be immediately eliminated by the no-good pattern
for L. On the other hand, the no-good justification approach will generate a no-good justification
J for L when it is first detected to be no-good. So if L pops up again in later repairs, the
no-good justification approach still has to re-evaluate J which can be a rather lengthy conjunction of
several previously generated no-good justifications. Even if one such lengthy no-good justification
may also prune some other labels, we still have to search through this possibly large set of
no-good justifications and evaluate every one of them. In contrast, the NG-Backmarking approach
maintains a static set of constraints. If several other labels are also meant to be pruned by one
lengthy no-good justification, it will be picked out in the NG-Backmarking approach by checking
this fixed set of constraints.

Unlike the no-good justification approach which randomly chooses any defined variable to repair,
the NG-Backmarking algorithm only randomly repairs a defined variable that contributes to the
violation of some constraints in the spirit of dependency-directed backjumping. For example, to
repair the tour 01123 in a 5-city TSP problem, the proposed algorithm will choose either the 2nd
or 3rd variable to repair. In the case of choosing the second variable, it can assign the value 4 to
the variable if it does not violate any constraints and does not match any no-good patterns.

In addition, the NG-Backmarking algorithm can be regarded as a genuine repair algorithm.
Instead of looking for a value that makes the locally repaired label satisfy all the constraints, the
proposed algorithm simply chooses an alternative value that minimizes the number of constraint
violations such that the resultant label does not match any no-good patterns. For example, to repair
the tour 0112233 in a 7-city TSP problem, if the second variable is chosen to repair, we can assign a
new value, say 4. Although this value still does not eliminate all the constraint violations, it is the
best possible repair. This approach of repairing (in the spirit of min-conflict repair [Minton et al
92]) is very useful for reactive scheduling applications where the change of a schedule is required
to be as minimal as possible relative to the original schedule when some new circumstances arise.

Although randomness is often a virtue in constraint solving as evidenced by some simulated
annealing applications [Kirkpatrick et al 83], it is still commonly recognized that constrained heuristics
[Fox & Sadeh 89] can greatly improve the performance of many real-world applications. This point
is also noted in Zweben et al’s anytime scheduling algorithm [90] where a heuristically controlled
simulated annealing is shown to be more effective. For these reasons, we have not indicated in
the following specification of the proposed algorithm the particular selection strategies of defined
variables, undefined variables and domain values. Since we are trying to provide the principles in
this paper, we have therefore not elaborated any particular heuristics here, which are application
dependent anyway. To name a few, we can choose the defined variable to be the most congested
in an application or the one that is most likely to reduce the cost of the objective function. The point
to note however is that the NG-Backmarking algorithm is complete whatever selection strategies
are adopted.

Under a heuristically controlled search strategy, it is not strictly true any more that the proposed
method randomly jumps about the search space. Still the method does not follow any regular tree
structure in a search process. The selections of variables and domain values are normally dynamically
changing as well. So effectively, we still move around the search space fairly opportunistically
and prune search space where we can.


Definition 1 (No-good backmarking with min-conflict repair) Given a partial label (which can
be complete or inconsistent) and an initial bound on the objective function.

1. check if there is any no-good pattern that matches the label. If there is, go to the Repair Process in 4;

2. else check if there is any constraint violated by the label. If there is, generate a no-good pattern for
the label and go to the Repair Process in 4; else go to the Labelling Process in 3.

3. Labelling Process

• If there is no undefined variable, the current label is a solution and go to the Optimization
Process in 5;

• Else select an undefined variable and check if it is possible to assign a value to it that satisfies
all the constraints and the resultant label does not match any no-good patterns. If it is, choose
such a value and go back to the Labelling Process in 3; Else go to the Repair Process in 4.

4. Repair Process

• If there is no defined variable left, the algorithm terminates with no solution.

• Else select a defined variable that contributes to the violation of some constraints* and check
if it is possible to assign an alternative value that reduces the number (or cost) of constraint
violations and the resultant label does not match any of the no-good patterns.

- If it is possible, choose such a value that minimizes the number (or cost) of constraint
violations.

If the value can eliminate all the conflicts, go to the Labelling Process in 3; else generate a
no-good pattern for the label and go back to the Repair Process in 4;

- Else make the variable undefined and generate a no-good pattern for the resultant label; go
back to the Repair Process in 4.

5. Optimization Process

• If optimization is not required, then terminate with the current label as a solution.

• Else calculate the new cost of the objective function against the current label and reset the bound
of the constraint on the objective function to the new cost; generate a no-good pattern for the
current label and go to the Repair Process in 4.

The major advantages of the no-good backmarking algorithm are

1. it can repair a partial (including complete) label that is inconsistent.

2. it randomly jumps around the search space in assigning and deassigning values of variables. The
choice of variable for repair is essentially random and so is not confined to chronological backtracking
or dependency-directed backtracking along some regular search structure.

3. it is complete in satisfaction and optimization while the search space is controlled by no-good patterns.
It is guaranteed to find an optimal solution (if one exists) for a constraint problem.

4. No-good patterns are simple to generate and to check. Subsumption checks of no-good patterns are
also easy to perform.

*A variable can contribute to the violation of some constraints in two respects. One is that the variable is
assigned in a no-good pattern that matches the current label. The other is that the variable participates in
the violation of some constraints.

Theorem 1 The algorithm is sound and complete for finite domain constraint satisfaction problems
(CSP). That is, for any finite domain CSP, every complete label that is generated on the
termination of the algorithm is a solution label of the CSP and the algorithm will find a solution
label if one exists for the CSP.

The  algorithm  however  does  not  find  all  solutions  of  a  constraint  problem.  It  can  be  easily 
amended  by  iteratively  backmarking  every  current  solution  label  to  be  a  no-good  pattern.  This 
will  trigger  the  algorithm  to  find  alternative  solutions  until  no  more  solution  is  found. 

Theorem 2 The algorithm is sound and complete for finite domain constraint optimization problems
(COP). That is, for any COP, the last complete label that is generated on the termination of
the algorithm is an optimal solution of the COP and the algorithm will find an optimal solution if
one exists for the COP.

4  Controlling  the  generation  of  no-good  patterns 

As noted in the last section, no-good backmarking simply records partial labels that violate some
constraints. Despite their simplicity to check, it is still essential to maintain only the most generic
no-good patterns. This raises the question of subsumption check. Even if we allow subsumption
check, it is still important to generate more generic no-good patterns as early as possible in order
to avoid the accumulation of the database of no-good patterns during the intermediate repair
process of the proposed method. As we have experienced from our constraint logic programming
implementation, a large set of no-good patterns can significantly hinder the performance of the
NG-Backmarking method.

First let's address the subsumption check. Every time a partial label is found to be no-good, we first retract from the no-good database those patterns that unify with the partial label whose undefined values are viewed as “don't care” variables. We then simply insert the partial label with each undefined value replaced by a “don't care” variable. To check if a partial label matches a no-good pattern, we simply treat the partial label as a goal against the no-good database. Note here that the undefined value U in the partial label is not treated as a variable in the goal; otherwise a partial label such as 1UU1U would match a no-good pattern such as 11111.

To generate more generic no-good patterns as early as possible, the generation process needs to be related to specific applications. Here we use the TSP and Capital Budget problems to illustrate the point.

Consider for example a solution tour 02341 in a 5-city TSP problem where the cost of the tour is C. Suppose we try to find the optimal solution; then the bound associated with the constraint on the objective function will be reset to C. The solution label 02341 is no longer a good tour. Normally we would simply add 02341 as a no-good pattern and repair the label. However, for the TSP problem, we can generate n generic no-good patterns, each with one value of the last solution label undefined. For the above example, we would immediately generate five generic no-good patterns {U2341, 0U341, 02U41, 023U1, 0234U} since there is no alternative value for repair for any variable given that the other variables' values remain the same. In particular, we can choose any one of the partial labels to proceed with the repair.
Consider another example in the Capital Budget Problem where a partial label L = 10UUU is to be repaired. Suppose we have previously found a solution label 01111 with a benefit of 95 for the objective function. Normally, we would simply continue to label L. However, for this particular problem, we can immediately treat L as a no-good pattern since whatever values we assign to the undefined variables, the objective function of the resultant label cannot be more than 95, i.e. the objective constraint is always violated.

The generation of generic no-good patterns is also dependent on the kind of constraint being violated in a specific application. Consider the Capital Budget problem again. Given an initial label 11001, although the objective constraint is not violated, a resource constraint (the third one) is violated. Instead of simply generating 11001 as a no-good pattern, we produce the more generic label 11UU1 as a no-good pattern since the only alternative value (i.e. 1) for repairing the variables with 0 values would only increase the violation of the label. Consider another label 00111. This is a solution label, but not an optimal one. During the optimization process, although this label satisfies all the resource constraints, it no longer satisfies the objective constraint with the current cost. Instead of making the label itself no-good, we generate the more generic no-good pattern 00UUU since whatever values are chosen for U will not improve the benefit of the objective function. To summarize, in the Capital Budget problem, if a label violates a resource constraint, we make all the 0 values in the label undefined and then generate the resultant label as a no-good pattern; if a label violates an objective constraint, we make the 1 values in the label undefined and then generate the resultant label as a no-good pattern. This shows that the generation of no-good patterns can be controlled by exploring the characteristics of the problem.
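The matching, subsumption and generalisation rules of this section can be put together as follows. This is an added example, not the authors' Eclipse code: the benefit and resource coefficients are constructed so that the labels used in the text (01111, 11001, 00111, 10UUU) behave as described, and the function and class names are hypothetical.

```python
U = "U"  # the undefined value; in a stored pattern it acts as a don't-care

# Constructed 5-project Capital Budget instance (coefficients are assumptions,
# not taken from the paper). All costs are non-negative, which the resource
# rule below relies on.
BENEFIT = [20, 40, 20, 15, 20]
RESOURCES = [  # (cost per project, capacity)
    ([5, 4, 3, 7, 8], 25),
    ([1, 7, 9, 4, 6], 26),
    ([8, 10, 2, 1, 10], 25),
]


def matches(label, pattern):
    """True if `label` is covered by the no-good `pattern`.

    U in the pattern is a don't-care. U in the label is an ordinary constant,
    so the partial label 1UU1U does not match the pattern 11111.
    """
    return len(label) == len(pattern) and all(
        p == U or p == a for a, p in zip(label, pattern))


class NoGoodStore:
    """No-good database that keeps only the most generic patterns."""

    def __init__(self):
        self.patterns = set()

    def is_nogood(self, label):
        return any(matches(label, p) for p in self.patterns)

    def add(self, pattern):
        if self.is_nogood(pattern):      # already subsumed by a stored pattern
            return False
        # retract every stored pattern that the new, more generic one covers
        self.patterns = {p for p in self.patterns if not matches(p, pattern)}
        self.patterns.add(pattern)
        return True


def generalise_capital_budget(label, bound):
    """Return (kind, generic_pattern), or None if no constraint is violated.

    `bound` is the benefit of the best solution so far; the objective
    constraint asks for a strictly larger benefit.
    """
    ones = [i for i, v in enumerate(label) if v == "1"]
    for cost, cap in RESOURCES:
        if sum(cost[i] for i in ones) > cap:
            # flipping a 0 to 1 only uses more resource: 0s become undefined
            return "resource", label.replace("0", U)
    best_case = sum(b for b, v in zip(BENEFIT, label) if v != "0")
    if best_case <= bound:
        # with the 0s kept, no choice for the other positions beats the bound
        return "objective", label.replace("1", U)
    return None


def generalise_tsp(tour):
    """n patterns for an n-city tour, each with one position undefined."""
    return [tour[:i] + U + tour[i + 1:] for i in range(len(tour))]
```

Applied to the partial label 10UUU with bound 95, the objective rule yields U0UUU, which subsumes 10UUU itself.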

5  Dynamic  Support  of  no-good  patterns 

No-good patterns are knowledge learnt during a search process. They can be used in subsequent search and new constraint problems. In a dynamic environment, such knowledge is still valid when new constraints (e.g. new jobs, new machine restrictions) are added or old constraints are tightened (e.g. a deadline is put forward). This is because we do not create good patterns. However, no-good patterns may no longer be valid when some old constraints are removed (e.g. cancellations of jobs) or relaxed (e.g. a deadline is delayed).

To incorporate constraint relaxation and removal, we propose to support every no-good pattern by the set of minimum sets of constraints that violate the pattern. Subsumption check in this case will also involve checking if the supporting set of sets of constraints is also subsumed. In this way, if a constraint is removed, then any set in the supporting set of a no-good pattern that contains the constraint is removed from the support set. If a constraint is relaxed, then any set in the supporting set of a no-good pattern that contains the relaxed constraint will be rechecked against the no-good pattern. If the no-good pattern is no longer supported by the relaxed set, the relaxed set is removed from the support set. If the support set is empty, then the no-good pattern is removed.

Like the generation of no-good patterns, uncontrolled generation of the supporting set of a no-good pattern can also be very costly. To control this problem, we suggest several strategies to approximate the supporting set. One is to build the supporting set from the total number of constraints that the no-good pattern is involved with. If any constraint is removed or relaxed from the set, the no-good pattern will be withdrawn. The other strategy is to simply remove a pattern if a constraint that involves the variables of the pattern is removed or relaxed. The advantage of this strategy is that it does not require any space to store the supporting set of a no-good pattern. Subsumption check is just like that in a static environment. Neither strategy affects the completeness of the no-good backmarking method, but both may remove some learnt knowledge (or no-good patterns) even though the constraint relaxation or removal does not affect the knowledge. However, this trade-off between the overheads of maintaining no-good patterns and the loss of no-good patterns is often necessary in practice.
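The exact support-set maintenance proposed at the start of this section can be sketched as below. This is an added example, not the authors' implementation: minimal violating sets are found by brute-force enumeration over completions of the pattern (an assumption that only suits small binary problems), and the constraint names r1, r3, obj and their coefficients are constructed.

```python
from itertools import combinations, product

U = "U"  # undefined value in a pattern


def capacity(cost, cap):
    """Resource constraint: cost of the projects set to 1 stays within cap."""
    return lambda label: sum(c for c, v in zip(cost, label) if v == "1") <= cap


def benefit_above(benefit, bound):
    """Objective constraint: total benefit strictly greater than bound."""
    return lambda label: sum(b for b, v in zip(benefit, label) if v == "1") > bound


def completions(pattern):
    """All complete 0/1 labels obtained by filling in the undefined positions."""
    slots = [i for i, v in enumerate(pattern) if v == U]
    for values in product("01", repeat=len(slots)):
        label = list(pattern)
        for i, v in zip(slots, values):
            label[i] = v
        yield "".join(label)


def violates(names, constraints, pattern):
    """True if no completion of `pattern` satisfies every constraint in `names`."""
    return all(any(not constraints[n](lab) for n in names)
               for lab in completions(pattern))


def minimal_support(constraints, pattern):
    """The set of minimal constraint sets that make `pattern` a no-good."""
    support = []
    for size in range(1, len(constraints) + 1):
        for names in combinations(sorted(constraints), size):
            s = frozenset(names)
            if any(m <= s for m in support):   # a smaller violating set exists
                continue
            if violates(s, constraints, pattern):
                support.append(s)
    return set(support)


class DynamicNoGoods:
    def __init__(self, constraints):
        self.constraints = dict(constraints)  # name -> predicate on complete labels
        self.support = {}                     # pattern -> set of frozensets of names

    def learn(self, pattern):
        sup = minimal_support(self.constraints, pattern)
        if sup:
            self.support[pattern] = sup
        return sup

    def remove(self, name):
        del self.constraints[name]
        self._revise(name, recheck=False)

    def relax(self, name, predicate):
        self.constraints[name] = predicate
        self._revise(name, recheck=True)

    def _revise(self, name, recheck):
        for pattern in list(self.support):
            kept = {s for s in self.support[pattern]
                    if name not in s
                    or (recheck and violates(s, self.constraints, pattern))}
            if kept:
                self.support[pattern] = kept
            else:
                del self.support[pattern]     # empty support: withdraw the pattern


R1, R3 = [5, 4, 3, 7, 8], [8, 10, 2, 1, 10]   # constructed resource costs
BENEFIT = [20, 40, 20, 15, 20]                # constructed benefits


def build_demo():
    return DynamicNoGoods({"r1": capacity(R1, 25), "r3": capacity(R3, 25),
                           "obj": benefit_above(BENEFIT, 95)})
```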

6  Implementation  and  Experimentation 

The proposed technique has been implemented in Eclipse, a constraint logic programming language that extends CHIP, developed at ECRC. We have tested the technique against the TSP and the Capital Budget problem. For these problems, our no-good backmarking method is about 100 times faster than the no-good justification approach. When compared with a pure simulated annealing implementation of TSP, the method also fares much better for the 10-city TSP problem. For larger TSPs, it is observed that the method still performs better than simulated annealing if we compare the times the two methods take to obtain the best cost of the simulated annealing method. This is partly expected as the no-good backmarking method also incorporates an element of randomness. Since the NG-Backmarking method adopts a min-max strategy in optimization, it performs particularly well if the initial cost of a problem is set low.

The current implementation does not explore any constraint handling primitives in Eclipse at the moment and essentially just runs the Prolog part of the Eclipse language. This is satisfactory for the problems we have tested. However, we are now looking at the well-known 10-job and 10-machine scheduling problem [Jiang et al 94] and the British Airways flight allocation problem [Lever & Richards 94]. Our previous experience with these problems indicates that dynamic domain-filtering can play an important role in improving performance on these problems. It is our intention to explore the full power of Eclipse, using constraint handling mechanisms within the overall architecture proposed in this paper.

Our experiments have also confirmed the overheads of no-good patterns when the database of such patterns grows very big. Even with subsumption checks, the random search strategy can still take quite a long time (and hence possibly lead to a huge space) before it eventually performs a subsumption reduction. To solve this problem, we integrate random search with regular search. This has proved to be extremely effective, with an impressive speed improvement of one order of magnitude. By analysing the results, we discover that when using the random search strategy first, since the repair method jumps about randomly, it quite quickly settles for a reasonably good solution before it is overwhelmed by the overheads of the size of the database of no-good patterns. If we then switch to a regular search strategy, we immediately see a substantial number of subsumption reductions, which results in a more directed search towards the optimal solution.

We are currently implementing the dynamic support of no-good patterns. Eclipse is particularly suitable for this task as it can easily find out what constraints are violated by a no-good pattern and what variables are involved in these constraints. We hope to report some of these results at the presentation.

7  Comparisons  and  Hybrid  algorithms 

The generation of no-good patterns corresponds to Dechter's learning idea [90] in the search process, whilst the support set of a no-good pattern is similar to Schiex & Verfaillie's [93] no-good recording algorithm for dynamic constraint satisfaction. These algorithms, however, did not address the problem of repairing a label, which is additionally pursued in this paper. The no-good backmarking method can be seen as an integration of the no-good justification search architecture with backjumping, no-good pattern learning, dynamic maintenance and min-conflict repair. Recently, it has come to our attention that the no-good justification search architecture with backjumping is similar to Ginsberg's dynamic backtracking search architecture [Ginsberg 93] although he did not address dynamic support for no-good patterns.

Traditional backmarking usually makes good and no-good patterns following a tree structure. NG-Backmarking on the other hand randomly moves about the search space while generating only no-good patterns. There is no need to generate good patterns because they may not be good any more when tighter bounds are set for the objective function in the optimization process. However, it is possible to generate good patterns for each current objective function and remove them when the current objective function is reset to a new bound. Of course, we can apply the concept of a supporting set to good patterns as well, but the overheads are not worthwhile.

Domain filtering methods remove inconsistent domain values during propagation. They are usually incomplete in the sense that not every value that does not contribute to a solution of the constraint problem is eliminated. Even if they are complete under some restricted domain, labelling still has to be done in a separate stage. No-good backmarking on the other hand performs labelling as well as filtering. Here, however, filtering does not eliminate values from the domain; rather, they are indirectly eliminated by no-good patterns. Admittedly, such indirect filtering can be very ineffective, especially with large domains and densely connected variables in a constraint system. However, the great strength of the algorithm is that it is repair-based and hence can be easily applied to reactive applications such as scheduling.

Nevertheless, the proposed NG-Backmarking algorithm is not orthogonal to a domain-filtering method. In fact, such a filtering method can be applied as a preprocessing phase to reduce the domains of the variables in the constraint problem. This will certainly improve the efficiency of the algorithm as its performance is significantly dependent on the size of the domains of the variables. In particular, in the optimization process of the algorithm, since the soft constraint on the objective function is effectively turned into a hard constraint each time a new solution is found or a new bound is set, using a domain-filtering technique can continuously or iteratively reduce the domains of variables in the constraint problem.

We can even perform domain-filtering for each partial label in the labelling process provided we can maintain the previous domains when we are repairing the labels. This idea is particularly good for the air flight allocation problem [Lever & Richards 94] we have looked at. There a constraint logic programming implementation [Van Hentenryck et al 92] is applied which provides the natural backtracking or maintenance of previous domains for you.

Traditional repair methods usually work on complete (but possibly inconsistent) labels; the proposed NG-Backmarking method, however, can work on partial (but still possibly inconsistent) labels. It is also worth noting that no-good backmarking subsumes tabu search. While tabu search only forbids moves from one complete label to another, no-good backmarking can additionally forbid moves from one partial label to another.

Traditional repair methods often do not guarantee to find the optimal solution although some of them can avoid local minima. The proposed NG-Backmarking method guarantees to find the optimal solution. The search space in this case is controlled by “jumping” about the search tree, where any part of the tree that leads to no-good patterns is pruned.

In real-world applications, we often have an idea about the rough bound of the objective function. For example, we may well know that driving from London to Cambridge cannot take more than 3 hours and all we want to find is the quickest route to take. Unfortunately, traditional repair methods do not particularly benefit from a good initial bound for the objective function. This is because it may cause the methods to be trapped in a local minimum. The proposed NG-Backmarking method on the other hand can benefit greatly from a good initial bound. This is because a good bound can prune the search space through the generation of many generic no-good patterns early on in the backmarking process.

The NG-Backmarking algorithm only allows repair of a partial solution to another with lower cost using a hill-climbing strategy. Although the method guarantees to find a global optimum, it can take a rather long time to move away from a local minimum. In particular, the number of no-good patterns generated at every step of hill-climbing is exponential in space complexity. Hill-climbing itself can also be very expensive since it involves the selection of the best measurement of the relative cost of a repair. Furthermore, each no-good pattern can be regarded as an extra constraint despite its simplicity. So learning such a constraint may not always be effective if the size of the no-good pattern is not controlled.

To deal with this problem, in [Li & Jiang 94], we have presented a hybrid method called NG-Backmarking^ that integrates simulated annealing and tabu search with NG-Backmarking. The basic idea is to allow the repair of a partial label or solution with higher cost depending on some probability measure. Although this could lead to repairs of higher cost earlier in the search process, it may well improve the search later on. In particular, compared with hill-climbing, the simulated annealing strategy does not suffer from the computationally expensive overheads of choosing the least costly repair.

The proposed repair method can even be adapted to accommodate genetic algorithms (GA). The no-good database essentially contains all possible partial labels that need to be repaired. We can combine two partial labels (via a cross-over operation between two partial labels) to form a new partial label to be repaired. Or we can choose any individual label, in parallel or alternatingly, to repair via a mutation operation. This approach generalizes genetic algorithms, which only perform combination or mutation on complete labels to form new labels. In the hybrid approach, GA helps NG-Backmarking to perform repair on more “healthy” labels, while NG-Backmarking helps GA to ensure that the optimal label is found.
Abstract

Local propagation is often used in graphical user interfaces to solve constraint systems that describe structures and layouts of figures. However, algorithms based on local propagation cannot solve simultaneous constraint systems because local propagation must solve constraints individually. We propose an efficient algorithm that satisfies systems of constraints with strengths, even if they must be solved simultaneously, by ‘dividing’ them as much as possible. In addition to multi-way constraints, it handles various other types of constraints, for example, constraints solved with the least squares method. Furthermore, it unifies the treatment of different types of constraints in a single system. We implemented a prototype constraint solver based on this algorithm, and evaluated its performance.


1  Introduction 

Local propagation is an efficient constraint satisfaction algorithm that takes advantage of potential locality of constraint systems. It is often used in graphical user interfaces (GUIs) to solve constraint systems that describe structures and layouts of figures.

Early constraint solvers based on local propagation handle one-way constraints because the algorithm is simple [6]. A one-way constraint always outputs a value to a certain variable. For example, consider a constraint system with the constraints v = w × x, w = y, and x = y + z. Figure 1 shows a constraint graph representing this system, where circles and squares represent variables and constraints respectively. If these constraints are one-way, they are always solved for certain variables, e.g. v ← w × x, w ← y, and x ← y + z. This case is illustrated by the correct solution graph in Figure 2, where arrows from constraints point to variables to which the constraints output values. A solution graph is a constraint graph extended so that it dictates how constraints will be solved. A correct solution graph is a solution graph that can produce correct solutions, and satisfies the following two properties: the value of each variable must be determined by at most one constraint, that is, the graph should have no conflicts, and all the constraints must be partially ordered, that is, the graph must have no cycles. Applying local propagation to a correct solution graph is, in short, equivalent to solving necessary constraints in the order consistent with the partial order dictated by the graph. For example, if the value of variable y is changed in Figure 2, local propagation solves this solution graph by first computing w ← y, next x ← y + z, and finally v ← w × x. Since this order is easily obtained with topological sort, and also since constraints are individually solved at most once, local propagation is an extremely efficient algorithm.


Figure 1: A Constraint Graph

Figure 2: A Correct Solution Graph
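Local propagation over the solution graph of Figure 2, together with the two correctness checks (no conflicts, no cycles), can be written as follows. This is an added example, not code from the paper; the class and function names are hypothetical, and the cyclic and conflicting graphs are built from the midpoint and x = 1 / x = 3 systems the paper discusses.

```python
from collections import deque


class Method:
    """A constraint solved for one chosen output variable."""

    def __init__(self, name, output, inputs, fn):
        self.name, self.output, self.inputs, self.fn = name, output, inputs, fn


def plan(methods):
    """Order the methods consistently with the solution graph (Kahn's algorithm).

    Raises ValueError if the graph is not a correct solution graph.
    """
    writer = {}
    for m in methods:
        if m.output in writer:
            raise ValueError("conflict")       # two constraints output to one variable
        writer[m.output] = m
    indeg = {m.name: sum(1 for v in m.inputs if v in writer) for m in methods}
    readers = {}
    for m in methods:
        for v in m.inputs:
            readers.setdefault(v, []).append(m)
    queue = deque(m for m in methods if indeg[m.name] == 0)
    order = []
    while queue:
        m = queue.popleft()
        order.append(m)
        for r in readers.get(m.output, []):
            indeg[r.name] -= 1
            if indeg[r.name] == 0:
                queue.append(r)
    if len(order) != len(methods):
        raise ValueError("cycle")              # constraints are not partially ordered
    return order


def diagnose(methods):
    try:
        plan(methods)
        return "correct"
    except ValueError as err:
        return str(err)


def propagate(methods, values, changed):
    """Re-solve, at most once each, only the constraints downstream of `changed`."""
    dirty, solved = {changed}, []
    for m in plan(methods):
        if dirty.intersection(m.inputs):
            values[m.output] = m.fn(*(values[v] for v in m.inputs))
            dirty.add(m.output)
            solved.append(m.name)
    return solved


def figure2():
    """The solution graph w <- y, x <- y + z, v <- w * x."""
    return [Method("w=y", "w", ["y"], lambda y: y),
            Method("x=y+z", "x", ["y", "z"], lambda y, z: y + z),
            Method("v=w*x", "v", ["w", "x"], lambda w, x: w * x)]


def midpoint():
    """a - b = l solved for a and (a + b)/2 = m solved for b: a cycle."""
    return [Method("a-b=l", "a", ["b", "l"], lambda b, l: b + l),
            Method("(a+b)/2=m", "b", ["a", "m"], lambda a, m: 2 * m - a)]


def two_strong():
    """strong x = 1 and strong x = 3 both output to x: a conflict."""
    return [Method("x=1", "x", [], lambda: 1), Method("x=3", "x", [], lambda: 3)]
```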

However, one-way constraints are often insufficient because they cannot change dependencies among variables. To cope with this problem, multi-way constraints are proposed [1]. A multi-way constraint has multiple candidates for its output variable. For example, the constraints in the above example can be multi-way because they have multiple variables whose values can be uniquely determined. By contrast, logical formulae such as a = b ∧ c are not multi-way constraints since they lack such a property. A system of multi-way constraints is solved as follows: First, output variables are selected for each constraint, that is, a solution graph is generated out of the system so that the graph has no conflicts and no cycles*. Then, local propagation is applied to the solution graph.

Multi-way constraints also embody a problem that output variables are not determined uniquely. Figure 3 illustrates a solution graph for the constraint graph in Figure 1, but is different in the output variables from the graph in Figure 2. Both solution graphs are correct because they have no conflicts and no cycles, but such ambiguity is not preferable in GUIs since it may cause unexpected behavior to the user. The ad-hoc solution is to provide additional constraints; when the value of y is edited in the above example, a constraint that fixes the values of variable v or z will determine a unique solution graph. However, such a solution is obviously not desirable since it would easily result in over-constrained systems.

Figure 3: Another Correct Solution Graph

Borning et al. proposed constraint hierarchies to cope with this problem [2, 10]. A constraint hierarchy is a system of constraints with hierarchical strengths. If the system is over-constrained, it is solved so that there are as many satisfied strong constraints as possible. In Figure 4a, for example, the constraints x = 1 and x = 3 conflict. However, if x = 1 and x = 3 are associated with strong and weak respectively, the constraint system is solved by satisfying only x = 1 as shown in Figure 4b. Blue and DeltaBlue were first proposed as algorithms that solve constraint hierarchies with multi-way constraints [4, 8]. The DeltaBlue algorithm determines output variables of constraints incrementally when a constraint is added or removed, and realises constraint satisfaction without losing the efficiency of local propagation.

*Few practical algorithms try to eliminate cycles.

Figure 4: Solution Graphs (a) for an Over-Constrained System and (b) for a Constraint Hierarchy

Although constraints have become powerful as described above, local propagation has a serious problem: constraint systems employed in real applications often result in solution graphs with cycles or conflicts. For example, consider a constraint system with the constraints a − b = l, (a + b)/2 = m, stay(l), and edit(m). This system represents a typical situation where the midpoint of two points is moved with a mouse, but its solution graphs contain cycles by necessity, e.g. as illustrated in Figure 5. As another example, suppose a constraint hierarchy with the constraints strong x = 1 and strong x = 3. Even if one wants to apply the least squares method to these constraints and to obtain the solution x = 2, local propagation will fail. The resulting solution graph contains a conflict as shown in Figure 6. Generally, in constraint systems that result in solution graphs with cycles or conflicts, constraints need to be solved simultaneously.


Figure 5: A Solution Graph with a Cycle

Figure 6: A Solution Graph with a Conflict

We propose an efficient algorithm that satisfies constraint hierarchies, even if constraints must be solved simultaneously, by ‘dividing’ them as much as possible. This algorithm is efficient enough to be applied to constraint-based GUIs since it incrementally finds parts of constraint systems that must be solved simultaneously. In addition to multi-way constraints, it handles various other kinds of constraints, for example, constraints solved with the least squares method. Furthermore, it unifies the treatment of different types of constraints in a single hierarchy. We implemented a prototype constraint solver based on this algorithm, and evaluated its performance. Taking advantage of this solver, we developed the IMAGE system, which generates GUIs by generalizing multiple visual examples.

2 Locally Simultaneous Constraint Satisfaction

In this section, we present an extended theory of constraint hierarchies and an efficient algorithm that incrementally finds parts of constraint hierarchies that must be solved simultaneously.

2.1  Overview 

In our extended constraint hierarchy theory, constraints are categorized into solution types, which are determined by how the constraints are solved. For example, there is a solution type of constraints that will be ignored if they cannot be solved exactly, as is the case with the Blue and DeltaBlue algorithms. Also, there is another solution type of constraints that must be solved even in such a case by minimizing their errors with the least squares method. Alternatively, we can consider a solution type of constraints to lay out graphs, etc.

All constraints with an equal strength must belong to a single solution type. Intuitively, this requirement is necessary because it is difficult to treat constraints equally if they have different solution types.

Based on this theory, our algorithm solves constraint hierarchies with the following restrictions:

• If solved individually, constraints are single-output and multi-way and can select any of their constrained variables as outputs.

• All constraints in a constraint hierarchy are independent†. For example, a hierarchy must not contain the constraints strong x + y = 1 and weak x + y = 1.

2.2 Theory

By extending the theory described in [10], we formulated constraint hierarchies that contain multiple solution types of constraints. A constraint hierarchy $H$ is a pair $(V, C)$, where $V$ is a set of variables that range over some domain $\mathcal{D}$, and $C$ is a set of constraints on variables in $V$. Each constraint is associated with a strength $i$ where $0 \le i \le n$. Strength 0 represents the strength of required constraints, and the larger the number of a strength, the weaker it is. All constraints with an equal strength $i$ are categorized into a solution type $\tau_i$. $C$ is divided into lists $C_0, C_1, \ldots, C_n$, where $C_i$ contains constraints with strength $i$ in some arbitrary order.

†The reason is that our algorithm mainly uses information on graphical structures of constraint hierarchies.

Solutions to a constraint hierarchy are defined as a set of valuations. A valuation $\theta$ is a function that maps variables in $V$ to their values in $\mathcal{D}$. An error function $e_\tau$ returns a non-negative real by evaluating the error for $\theta$ of a constraint $c$ of a solution type $\tau$. The error $e_\tau(c\theta) = 0$ if and only if $c$ is exactly satisfied by $\theta$. The function $E_{\tau_i}$ returns the list of errors of a list of constraints $C_i = [c_1, c_2, \ldots, c_k]$, i.e.,

$$E_{\tau_i}(C_i\theta) = [e_{\tau_i}(c_1\theta), e_{\tau_i}(c_2\theta), \ldots, e_{\tau_i}(c_k\theta)].$$

Each element $e_{\tau_i}(c_j\theta)$ can be weighted by a positive real $w_j$. An error sequence $R(C\theta)$ is the error of $C$ except $C_0$:

$$R(C\theta) = [E_{\tau_1}(C_1\theta), E_{\tau_2}(C_2\theta), \ldots, E_{\tau_n}(C_n\theta)].$$

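A combining function $g_{\tau_i}$ combines $E_{\tau_i}(C_i\theta)$. Two combined errors $g_{\tau_i}(E_{\tau_i}(C_i\theta))$ and $g_{\tau_i}(E_{\tau_i}(C_i\phi))$ are compared by a reflexive and symmetric relation $<>_{g_{\tau_i}}$, and an irreflexive, antisymmetric, and transitive relation $<_{g_{\tau_i}}$. The function $G$ combines an error sequence $R(C\theta)$:

$$G(R(C\theta)) = [g_{\tau_1}(E_{\tau_1}(C_1\theta)), \ldots, g_{\tau_n}(E_{\tau_n}(C_n\theta))].$$

Two combined error sequences $G(R(C\theta))$ and $G(R(C\phi))$ are compared by a lexicographic ordering relation $<_G$:

$$G(R(C\theta)) <_G G(R(C\phi)) \equiv \exists k \in 1 \ldots n.\ \forall i \in 1 \ldots k-1.\ g_{\tau_i}(E_{\tau_i}(C_i\theta)) <>_{g_{\tau_i}} g_{\tau_i}(E_{\tau_i}(C_i\phi)) \wedge g_{\tau_k}(E_{\tau_k}(C_k\theta)) <_{g_{\tau_k}} g_{\tau_k}(E_{\tau_k}(C_k\phi)).$$

We say that $\theta$ is better than $\phi$ if and only if $G(R(C\theta)) <_G G(R(C\phi))$.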

The set $S$ of solutions to $H$ is defined as follows:

$$S_0 = \{\theta \mid \forall c \in C_0.\ e_{\tau_0}(c\theta) = 0\}$$

$$S = \{\phi \in S_0 \mid \forall \theta \in S_0.\ \neg(G(R(C\theta)) <_G G(R(C\phi)))\}.$$

The main difference from the original formulation in [10] is the existence of solution types. In
[10], all constraints in a constraint hierarchy are categorized into some single solution type, and
therefore, for each strength $i$, $e_{\tau_i}$ and $g_{\tau_i}$ are some $e$ and some $g$
respectively. Since errors of constraints with different strengths are never compared directly, we
can safely assign various solution types to each strength.

Two error functions are presented in [10]: Given a constraint $c$ and a valuation $\theta$, the
predicate error function returns 1 if $c$ is exactly satisfied for $\theta$ and 0 otherwise. Also,
the metric error function returns $c$'s metric, e.g. for the constraint $x = y$, the distance
between $x$ and $y$.

Also in [10], several combining functions and associated relations are provided. Since it does not
introduce multiple solution types in a constraint hierarchy, an instance of $<_G$ is determined by
single instances of $e$ and $g$. For an instance of $<_G$ called least-squares-better, given lists
of errors $v = [v_1, v_2, \ldots, v_k]$ obtained with the metric error function,
$g(v) = \sum_i w_i v_i^2$, $<_g$ is $<$ and $\mathrel{<>}_g$ is $=$ for reals. For instances of
$<_G$ called locally-better, given $v = [v_1, v_2, \ldots, v_k]$ and $u = [u_1, u_2, \ldots, u_k]$,
$g(v) = v$ and $<_g$ and $\mathrel{<>}_g$ are defined as follows:

$$v <_g u \equiv \forall i.\ v_i \le u_i \wedge \exists j.\ v_j < u_j$$

$$v \mathrel{<>}_g u \equiv \forall i.\ v_i = u_i.$$

Locally-predicate-better is the locally-better using the predicate error function, and
locally-metric-better is the one employing the metric error function.

In the rest of this paper, we refer to the solution type associated with least-squares-better as
$\tau_{LSB}$ and constraints of $\tau_{LSB}$ as least-squares-better constraints, and
correspondingly locally-predicate-better as $\tau_{LPB}$ and locally-predicate-better constraints^.

2.3  Solution  Graphs 

Local  propagation  cannot  solve  conventional  solution 
graphs  that  have  cycles  or  conflicts.  To  cope  with 
this  problem,  we  propose  a  new  definition  of  solution 
graphs.  Before  presenting  the  definition,  we  define 
constraint  graphs  of  constraint  hierarchies: 

Definition 1 (Constraint Graph) Given a constraint hierarchy $H = (V, C)$, a bipartite graph
$B = (V, C, E)$, where $V$ and $C$ are sets of nodes and $E$ is a set of edges, is a constraint
graph of $H$ if and only if

$$E = \{(v, c) \in V \times C \mid v \text{ is constrained by } c\}. \quad \Box$$

By  regarding  constraint  graphs  as  bipartite  graphs, 
we  can  use  theorems  and  algorithms  presented  in 
graph  theory. 

We introduce constraint cells to overcome the defects of conventional solution graphs. A constraint
cell is defined as follows:

Definition 2 (Constraint Cell) Let $H = (V, C)$ be a constraint hierarchy, and $B = (V, C, E)$ a
constraint graph of $H$. For $X \subseteq V$, define $\Gamma$ as follows:

$$\Gamma(X) = \{c \mid (v, c) \in E \wedge v \in X\}.$$

A pair $p = (V_p, C_p)$ is a constraint cell in $B$ if and only if $V_p \subseteq V$,
$C_p = \emptyset$, and $|V_p| = 1$, or $V_p \subseteq V$, $C_p \subseteq C$, the subgraph of $B$
induced by $V_p$ and $C_p$ is connected, and

$$\forall X \subseteq V_p.\ |X| \le |\Gamma(X) \cap C_p|.$$

We say that $p$ is over-constrained if and only if $|V_p| < |C_p|$. □

^These names may sound strange because 'better' is associated with $<_G$ (not $<_g$), but we use
them instead of introducing new terminologies.

For example, the box with round corners in Figure 7a illustrates a constraint cell with a single
variable. Also, Figure 7b illustrates a constraint cell with a single constraint, and Figure 7c
shows a constraint cell with a variable and a constraint.

Figure 7: Constraint Cells

Values of variables in a constraint cell are obtained by evaluating constraints in the cell. In
Figure 7c, for example, the value of the variable $y$ is determined by the constraint 0. Because of
Definition 2, this is always possible for constraints that we handle. Definition 2 is based on
Hall's theorem, which describes the condition on existence of perfect matchings of bipartite graphs
in graph theory. Intuitively, Definition 2 means that given a constraint cell $p = (V_p, C_p)$, the
value of each variable in $V_p$ can be determined by at least one constraint in $C_p$.
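Definition 2 can be checked mechanically: by Hall's theorem, its subset condition holds exactly when every variable in $V_p$ can be matched to a distinct constraint in $C_p$. The following Python sketch is an added example, not code from the paper; the function names are hypothetical, the edge set is transcribed from the example hierarchy used in this section ($\alpha$ required $t = 0$ through $\theta$ medium $z = 7$), and the cells tried on it are inferred from the text because the figures are not reproduced here.

```python
from itertools import combinations

# Constraint graph of the example hierarchy in this section:
# constraint name -> variables it constrains (the edge set E).
EDGES = {
    "alpha": {"t"},            # required t = 0
    "beta": {"t", "u"},        # weak     t = u
    "gamma": {"v"},            # weak     v = 1
    "delta": {"t", "v", "w"},  # strong   t + v = w
    "epsilon": {"w", "x"},     # weak     w = x
    "zeta": {"x", "y", "z"},   # strong   x + y = z
    "eta": {"x", "y"},         # required x + 1 = y
    "theta": {"z"},            # medium   z = 7
}


def gamma_of(xs):
    """Gamma(X): all constraints adjacent to at least one variable in X."""
    xs = set(xs)
    return {c for c, vs in EDGES.items() if vs & xs}


def saturating_matching(vp, cp):
    """Match every variable in vp to a distinct constraint in cp.

    Uses augmenting paths (Kuhn's algorithm). Returns {variable: constraint},
    or None if some variable cannot be matched, i.e. Hall's condition fails.
    """
    cp = set(cp)
    owner = {}  # constraint -> variable currently matched to it

    def augment(v, seen):
        for c in sorted(gamma_of([v]) & cp):
            if c in seen:
                continue
            seen.add(c)
            if c not in owner or augment(owner[c], seen):
                owner[c] = v
                return True
        return False

    for v in sorted(vp):
        if not augment(v, set()):
            return None
    return {v: c for c, v in owner.items()}


def hall_condition_bruteforce(vp, cp):
    """Definition 2's condition checked literally over every subset X of vp."""
    cp = set(cp)
    return all(
        len(xs) <= len(gamma_of(xs) & cp)
        for r in range(1, len(vp) + 1)
        for xs in combinations(sorted(vp), r)
    )


def is_connected(vp, cp):
    """True if the subgraph induced by vp and cp is connected."""
    vp, cp = set(vp), set(cp)
    nodes = [("v", v) for v in vp] + [("c", c) for c in cp]
    if not nodes:
        return False
    seen, todo = {nodes[0]}, [nodes[0]]
    while todo:
        kind, name = todo.pop()
        if kind == "v":
            nbrs = {("c", c) for c in gamma_of([name]) & cp}
        else:
            nbrs = {("v", v) for v in EDGES[name] & vp}
        for n in nbrs - seen:
            seen.add(n)
            todo.append(n)
    return len(seen) == len(nodes)


def is_constraint_cell(vp, cp):
    """Definition 2: a lone variable, or a connected pair satisfying Hall."""
    vp, cp = set(vp), set(cp)
    if not cp:
        return len(vp) == 1
    return is_connected(vp, cp) and saturating_matching(vp, cp) is not None


def is_over_constrained(vp, cp):
    """A cell is over-constrained when it has fewer variables than constraints."""
    return len(set(vp)) < len(set(cp))
```

The matching returned for a cell also shows which constraint can determine which variable, which is the reading of Definition 2 given in the paragraph above.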

We can regard constraint graphs 'divided' by constraint cells as solution graphs:

Definition 3 (Solution Graph) Given a constraint graph $B = (V, C, E)$ and a set $P$ of constraint
cells in $B$, a quadruple $B_S = (V, C, E, P)$ is a solution graph for $B$ if and only if:

1. each variable in $V$ belongs to only one constraint cell in $P$,

2. each constraint in $C$ belongs to only one constraint cell in $P$, and

3. there are no cyclic dependencies among constraint cells in $P$. □

For example, Figure 8 shows a solution graph equivalent to the one in Figure 2*. We can apply local
propagation to such solution graphs in the same way as conventional solution graphs.

*For readability, we often draw arrowheads in constraint cells although they are not essential.


Figure  8:  A  Solution  Graph  with  Constraint  Cells 

Solution graphs with constraint cells support constraint hierarchies that conventional solution
graphs do not because of cycles and conflicts. For example, consider a constraint hierarchy with the
constraints $\alpha$, $\beta$, $\gamma$, $\delta$, $\epsilon$, $\zeta$, $\eta$, and $\theta$. Let
$\alpha$ be required $t = 0$, $\beta$ weak $t = u$, $\gamma$ weak $v = 1$, $\delta$ strong
$t + v = w$, $\epsilon$ weak $w = x$, $\zeta$ strong $x + y = z$, $\eta$ required $x + 1 = y$, and
$\theta$ medium $z = 7$, where strong and medium constraints are locally-predicate-better
constraints, and weak constraints are least-squares-better constraints. Figure 9a shows the
constraint graph of this hierarchy, and Figure 9b illustrates a conventional solution graph for this
constraint graph. This solution graph is not correct since it has a cycle with $\zeta$, $x$, $\eta$,
and $y$, and a conflict of $\delta$ and $\epsilon$ at $w$. To begin with, we create a solution graph
so that constraint cells contain the cycle and the conflict as shown in Figure 9c. Satisfying
constraints locally in these cells, the corresponding valuation $\theta$ is obtained as
$\{t \mapsto 0, u \mapsto 0, v \mapsto 1, w \mapsto 1, x \mapsto 3, y \mapsto 4, z \mapsto 7\}$. The
combined error sequence is:

strong: $g_{\tau_{LPB}}(E_{\tau_{LPB}}([\delta, \zeta]\theta)) = g_{\tau_{LPB}}([0, 0]) = [0, 0]$

medium: $g_{\tau_{LPB}}(E_{\tau_{LPB}}([\theta]\theta)) = g_{\tau_{LPB}}([0]) = [0]$

weak: $g_{\tau_{LSB}}(E_{\tau_{LSB}}([\beta, \gamma, \epsilon]\theta)) = g_{\tau_{LSB}}([0, 0, 2]) = 0^2 + 0^2 + 2^2 = 4.$

Merging over-constrained cells with other cells sometimes creates a 'better' solution graph, i.e.
the corresponding valuation is better, because the new cell may acquire more freedom to determine
the values of its variables. For example, by merging the over-constrained cell W and the cell V into
the new cell W', we obtain the solution graph in Figure 9d*. Then, the corresponding valuation
$\phi$ is
$\{t \mapsto 0, u \mapsto 0, v \mapsto 2, w \mapsto 2, x \mapsto 3, y \mapsto 4, z \mapsto 7\}$, and
the combined error sequence is:

strong: $g_{\tau_{LPB}}(E_{\tau_{LPB}}([\delta, \zeta]\phi)) = g_{\tau_{LPB}}([0, 0]) = [0, 0]$

medium: $g_{\tau_{LPB}}(E_{\tau_{LPB}}([\theta]\phi)) = g_{\tau_{LPB}}([0]) = [0]$

weak: $g_{\tau_{LSB}}(E_{\tau_{LSB}}([\beta, \gamma, \epsilon]\phi)) = g_{\tau_{LSB}}([1, 0, 1]) = 1^2 + 0^2 + 1^2 = 2.$

This indicates that $\phi$ is better than $\theta$.

*We do not merge constraint cells simply because they contain constraints of similar solution types
or constraints with equal strengths. For example, W' in Figure 9d contains multiple solution types
of constraints with multiple strengths

Figure 9: A Constraint Graph and its Solution Graphs
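The comparison worked through above can be reproduced in code. The following Python sketch is an added example, not code from the paper: the names are hypothetical, weights are assumed to be 1 (as the worked sums imply), the predicate error is taken as 0 for a satisfied constraint (as in the [0, 0] entries above), and the valuation OMEGA is constructed here for contrast.

```python
# Non-required strengths, strongest first, with the solution type the text
# assigns to each: strong and medium are locally-predicate-better (LPB),
# weak is least-squares-better (LSB).
LEVELS = [("strong", "LPB"), ("medium", "LPB"), ("weak", "LSB")]

# name: (strength, left-hand side, right-hand side) as functions of a valuation.
CONSTRAINTS = {
    "alpha":   ("required", lambda s: s["t"],          lambda s: 0),
    "beta":    ("weak",     lambda s: s["t"],          lambda s: s["u"]),
    "gamma":   ("weak",     lambda s: s["v"],          lambda s: 1),
    "delta":   ("strong",   lambda s: s["t"] + s["v"], lambda s: s["w"]),
    "epsilon": ("weak",     lambda s: s["w"],          lambda s: s["x"]),
    "zeta":    ("strong",   lambda s: s["x"] + s["y"], lambda s: s["z"]),
    "eta":     ("required", lambda s: s["x"] + 1,      lambda s: s["y"]),
    "theta":   ("medium",   lambda s: s["z"],          lambda s: 7),
}

THETA = dict(t=0, u=0, v=1, w=1, x=3, y=4, z=7)  # valuation before merging cells
PHI = dict(t=0, u=0, v=2, w=2, x=3, y=4, z=7)    # valuation after merging W and V
# Constructed for contrast: zero weak error, but strong delta is violated.
OMEGA = dict(t=0, u=0, v=1, w=3, x=3, y=4, z=7)


def satisfies_required(val):
    """Membership in S_0: every required constraint holds exactly."""
    return all(lhs(val) == rhs(val)
               for s, lhs, rhs in CONSTRAINTS.values() if s == "required")


def level_errors(strength, sol_type, val):
    """E_tau_i(C_i val): predicate errors for LPB, metric errors for LSB."""
    out = []
    for s, lhs, rhs in CONSTRAINTS.values():
        if s == strength:
            a, b = lhs(val), rhs(val)
            out.append((0 if a == b else 1) if sol_type == "LPB" else abs(a - b))
    return out


def combine(sol_type, errs):
    """g_tau: identity for locally-better, sum of squares for least-squares."""
    return list(errs) if sol_type == "LPB" else sum(e * e for e in errs)


def combined_error_sequence(val):
    """G(R(C val)) over the non-required strengths, strongest first."""
    return [combine(t, level_errors(s, t, val)) for s, t in LEVELS]


def less(sol_type, a, b):
    """<_g for one level."""
    if sol_type == "LSB":
        return a < b
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def equivalent(sol_type, a, b):
    """<>_g for one level: equality in both instances used here."""
    return a == b


def better(val_a, val_b):
    """Lexicographic <_G: equivalent on all stronger levels, less at level k."""
    seq_a, seq_b = combined_error_sequence(val_a), combined_error_sequence(val_b)
    for (_, sol_type), a, b in zip(LEVELS, seq_a, seq_b):
        if less(sol_type, a, b):
            return True
        if not equivalent(sol_type, a, b):
            return False
    return False
```

OMEGA has a smaller weak error than either valuation from the text, yet it is never better than them, because the lexicographic order settles the comparison at the strong level first.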

We define correct solution graphs so that they can produce solutions to constraint hierarchies.
Before presenting the definition, we define internal strengths and walkabout strengths of constraint
cells. Walkabout strengths were first introduced as walkabout strengths of variables in the
DeltaBlue algorithm, but for our purpose, we modify the definition.

Definition 4 (Internal Strength) Let $p$ be a constraint cell $(V_p, C_p)$. The internal strength
of $p$ is weakest if $C_p = \emptyset$, and the weakest among strengths of constraints in $C_p$
otherwise. □

Definition 5 (Walkabout Strength) Given a constraint cell $p$, the walkabout strength of $p$ is the
weakest among $p$'s internal strength and walkabout strengths of cells with variables adjacent to
$p$. □

For example, the internal strength of the constraint cell W in Figure 10 is weak, the weakest among
$\gamma$'s strength weak, $\delta$'s strength strong, and $\epsilon$'s strength weak. The walkabout
strength of W is also weak, the weakest among W's internal strength weak, T's walkabout strength
required, and X's walkabout strength medium.

Figure 10: Walkabout Strengths of a Solution Graph

A  correct  solution  graph  is  defined  as  follows: 

Definition 6 (Correct Solution Graph) A solution graph is correct if and only if:

1. for each constraint cell with multiple constraints, the pair of the set of its variables and the
set of its non-weakest constraints is not a constraint cell, and

2. for each over-constrained cell, its internal strength is weaker than the walkabout strengths of
any other cells with the variables adjacent to the constraints in the over-constrained cell.

Intuitively, condition 1 means that constraint cells must use the weakest constraints to determine
the values of their variables, and condition 2 means that it is impossible to create better solution
graphs by merging such over-constrained cells with others. The reason for the latter is as follows:
Suppose an over-constrained cell $p$ satisfies condition 1 but not condition 2. Because of
condition 1, $p$ uses the weakest constraints to determine the values of its variables, and by
definition, its internal strength $i_p$ is the strength of the weakest constraints. Since $p$ does
not satisfy condition 2, $i_p$ is equal to or stronger than the walkabout strength $w_q$ of an
adjacent cell $q$. Also by definition, the values of the variables in $q$ are determined by one or
more constraints with strength $w_q$. Therefore, merging $p$ with $q$, it may be possible to
decrease the errors of the constraints with strength $i_p$ in $p$ by increasing the errors of the
constraints with strength $w_q$, and then to create a better valuation. However, if $p$ satisfies
condition 2, it is useless to merge $p$ with $q$: since $i_p$ is weaker than $w_q$, it is impossible
to reduce the errors of the constraints with strength $i_p$ by increasing the errors of the
constraints with strength $w_q$.

For example, the solution graph in Figure 11 is not correct because the cell W does not use the
weakest constraint $\epsilon$ to determine the value of the variable $w$, and also since the
internal strength weak of the over-constrained cell W is equal to the walkabout strength of the cell
V. By contrast, in Figure 10, the over-constrained cell W needs the weakest constraints $\gamma$
and $\epsilon$ to compute the values of the variables $v$ and $w$, and W's internal strength weak is
weaker than the walkabout strength required of the cell T and medium of X. This solution graph is
correct by definition.

Figure 11: Walkabout Strengths of an Incorrect Solution Graph


2.4  Algorithm 

It is desirable that sizes of constraint cells in correct solution graphs are minimized since local
propagation can be efficiently applied to such solution graphs. Our algorithm creates such solution
graphs incrementally when invoked with the following five operations: adding a variable, removing a
variable, adding a constraint, removing a constraint, and updating a variable value. The former four
operations cause the corresponding solution graph to be modified, and the last operation applies
local propagation to the solution graph as described earlier. We call the former planning and the
latter execution.

The algorithm for adding or removing a variable is quite simple: to add a variable, we only create a
new constraint cell with the variable, and to remove a variable, we delete the constraint cell with
the variable after verifying that the variable is not adjacent to constraints. In the rest of this
section, we describe the algorithm for adding or removing a constraint to a hierarchy.

2.4.1  Adding  a  Constraint 

Initially, there is a correct solution graph whose constraint cells are minimized. When a new
constraint is added to this hierarchy, one or more constraints with an equal or weaker strength may
be 'victimized,' that is, their associated errors will be increased. In such a case, the algorithm
re-constructs the solution graph incrementally to keep it correct and its constraint cells minimal
by modifying the necessary set of cells.

This algorithm handles locally-predicate-better constraints differently from other solution types
of constraints since they may be ignored if they cannot be exactly satisfied. For example, suppose
that weak constraints were locally-predicate-better constraints in the constraint hierarchy
presented in the previous subsection. In the constraint cell W in Figure 9d, only one of the
constraints $\gamma$ and $\epsilon$ would have to be exactly satisfied because they would be
locally-predicate-better constraints. Therefore, in this case, the solution graph in Figure 9c could
also produce a correct solution although it is not a correct solution graph by definition. In
addition, this solution graph could be solved more efficiently than the graph in Figure 9d.
Accordingly, we treat locally-predicate-better constraints specially by permitting 'equal to' as
well as 'weaker than' in condition 2 of Definition 6.

Figure 12 shows the algorithm that adds a constraint con to a constraint hierarchy, and Figure 13
describes the algorithm to decompose a constraint cell at lines 13 and 19 in Figure 12. Let us
explain the former algorithm briefly: First, we create a constraint cell with c at line 1. Second,
we find the strength of the 'victim' constraint at line 2. Next, we follow the path in the graph of
the constraint cells from c to the victim at lines 5-21, reversing the dependency between these
cells. After this process, c becomes active. Then, we eliminate cycles of constraint cells generated
in the previous process at line 22, and update walkabout strengths correctly at line 23. Finally, we
merge over-constrained cells with others at line 25 so that they can minimize the errors of their
constraints.

Figure 14 shows an example of the execution of this algorithm. Initially, there is a correct
solution graph illustrated in Figure 14a. When a constraint $\theta$ is added to the constraint
hierarchy, this algorithm works as follows:

1. A constraint cell H with $\theta$ is created (Figure 14b). The strength of the victim is found to
be weak.

2. After the variable z is removed from the cell G, it is added to H (Figure 14c).

3. The variable x is deleted from the cell E, and is added to G (Figure 14d). The constraint c in F
is found to be the victim.

4. The constraint cells G and F are merged because they form a cycle (Figure 14e).

5. Walkabout strengths are updated (Figure 14f).

6. Since E is over-constrained, it is joined with the constraint cells D and C, which have the same
walkabout strength as E (Figure 14g).

 1  cl ← a new cell with con;
 2  wastr ← the weakest of walkabout strengths of cells
            with variables adjacent to cl;
 3  if wastr is weaker than con's strength then
 4    str ← con's strength;
 5    while str is stronger than wastr do
 6      nextcl ← a cell that contains a variable adjacent
                 to cl and that has walkabout strength wastr;
 7      var ← a variable in nextcl that connects to cl;
 8      remove var from nextcl;
 9      add var to cl;
10      if nextcl is empty then
11        str ← weakest;
12      else if nextcl's internal strength is wastr then
13        cls ← cells generated by decomposing nextcl;
14        cl ← an over-constrained cell in cls;
15        str ← cl's internal strength;
16      else
17        bordercon ← a constraint in nextcl adjacent to
                      a cell with walkabout strength wastr;
18        remove bordercon from nextcl;
19        decompose nextcl;
20        cl ← a new cell with bordercon;
21        str ← cl's internal strength;
22    merge cyclic cells dependent on con;
23    update walkabout strengths of cells dependent on con;
24    if wastr is weakest or constraints with strength wastr
         are not locally-predicate-better constraints then
25      merge cells that cl depends on and
          that have the same walkabout strength as cl;

Figure 12: Adding a Constraint con to a Constraint Hierarchy.

 1  for each variable var in cl do
 2    remove var from cl;
 3    create a cell with var;
 4  for each constraint con stronger than wastr in cl do
 5    remove con from cl;
 6    var ← a variable initially in cl that forms
            a cell alone and that con depends on;
 7    reverse the dependency between con and var;
 8  for each constraint con with strength wastr in cl do
 9    remove con from cl;
10    if there is a variable initially in cl that forms
         a cell alone and that con depends on then
11      var ← the variable found above;
12      reverse the dependency between con and var;
13    else
14      create a cell with con;

Figure 13: Decomposing a Constraint Cell cl with Walkabout Strength wastr

It is sometimes necessary to decompose 'large' constraint cells that contain multiple constraints.
For example, suppose that a constraint $\nu$ is added to a constraint hierarchy as shown in Figure
15a. It is not sufficient to remove the variable $w$ from the constraint cell A and then to add it
to the new cell N as illustrated in Figure 15b, because this solution graph is not correct by
definition. The correct solution graph is created by decomposing A as shown in Figure 15c. Figure 13
describes the algorithm that decomposes such 'large' constraint cells into 'small' ones. The basic
idea is to match variables with constraints in solution graphs, employing a perfect matching
algorithm for bipartite graphs. For example, in Figure 15c, the constraint cells Ao, A2, and A3 are
matched pairs. To leave the weakest constraints such as 0 and f unsatisfied, our algorithm later
tries to match the weakest constraints in over-constrained cells. The definition of constraint cells
guarantees that there are no undetermined variables after decomposing cells with one or more
constraints. Even if constraint cells that do not satisfy condition 3 in Definition 3 or condition
2 in Definition 6 are generated, they will be merged by the caller algorithm in Figure 12.

Figure 15: Decomposing a Constraint Cell


2.4.3  Removing  a  Constraint 

Removing a constraint from a constraint hierarchy may cause one or more constraints with an equal or
weaker strength to decrease their errors. This is performed in a way similar to adding a constraint,
by reversing the dependency between the cell with such constraints and the cell that contained the
removed constraint.

3  Implementation 

Based on the algorithm presented in the previous section, we implemented a constraint solver in
Objective-C. This constraint solver consists of two layers called a solver and subsolvers. A solver
produces correct solution graphs, and applies local propagation to them. Subsolvers obtain values of
variables by solving constraint systems locally in individual constraint cells. During local
propagation, the solver invokes appropriate subsolvers based on solution types of constraints in
cells. For example, if a cell contains only locally-predicate-better constraints, the solver calls
the subsolver for $\tau_{LPB}$. This architecture enables us to introduce a new solution type of
constraints only by implementing a new subsolver.

We implemented three subsolvers: one that handles locally-predicate-better constraints represented
as linear equations or multi-way constraints, one that treats least-squares-better linear equation
constraints, and one that generates graph layouts based on the spring model [3].

4  Comparison  with  SkyBlue 

SkyBlue is a successor of the DeltaBlue algorithm [7]. Like DeltaBlue, SkyBlue solves hierarchies of
multi-way constraints using locally-graph-better, a variation of locally-predicate-better. Moreover,
it supports constraints with multi-output methods and cycles of constraints. A method of a
constraint is a procedure used to satisfy the constraint, and a multi-output method is a method that
outputs values to multiple variables. For example, the constraint $p = (x, y)$, which equates a
point variable $p$ with two real variables $x$ and $y$, has a single-output method
$p \leftarrow (x, y)$ and a multi-output method $(x, y) \leftarrow p$. SkyBlue treats cycles of
constraints by invoking cycle solvers, which solve constraints in cycles simultaneously.

It is interesting to compare cycle solvers of the SkyBlue constraint solver with subsolvers of our
constraint solver: Cycle solvers solve two or more constraints at once because methods solve
associated constraints individually. By contrast, subsolvers can solve individual constraints,
cycles of constraints, and even over-constrained sets of constraints. In addition, subsolvers allow
constraints to have methods as done in SkyBlue*. Therefore, subsolvers are more functional than
cycle solvers.

The critical differences between our algorithm and the SkyBlue algorithm are summarized as follows:

• Our algorithm handles various solution types of constraints in single hierarchies while SkyBlue
treats only multi-way constraints solved using locally-graph-better.

• SkyBlue supports multi-output methods while our algorithm does not.

Which algorithm is preferable will depend on the application.

5  Performance  Measurements 

Using the chain benchmark [8], we compared the performance of our constraint solver implemented in
Objective-C with that of DeltaBlue implemented in C^. Initially, the constraint hierarchy contains
the required constraints $x_0 = x_1, x_1 = x_2, \ldots, x_{n-2} = x_{n-1}$ and the constraint weak
stay($x_0$) (Figure 16a). The chain benchmark measures the planning time to add the constraint
strong edit($x_{n-1}$) to the hierarchy (Figure 16b), and also measures the execution time to
compute values of variables when the value of $x_{n-1}$ is changed through edit($x_{n-1}$). Both the
planning and the execution are the worst cases where the overall solution graph must be processed.

Figure 16: The Chain Benchmark

Figure 17 shows the result*: while the planning time of our solver is almost four times as long as
that of DeltaBlue, the execution time is nearly twenty times as long. The planning time is probably
acceptable for GUI applications, but the execution time is far too long for such applications. The
main handicaps of our solver are the complex data structure of constraint cells, and dynamic
bindings of methods in Objective-C*. We believe that dynamic bindings caused such slow execution
because the source program involves numerous message sendings with dynamic bindings***. If we
re-implement our solver in C++, its performance is expected to approach that of DeltaBlue.

Figure 17: Results of the Chain Benchmark

*In fact, the subsolver implemented for locally-predicate-better constraints handles multi-way
constraints with single-output methods.

^Since SkyBlue is implemented only in Lisp, we did not compare our constraint solver with SkyBlue.

*Precisely speaking, the separation of planning and execution is slightly different from the
description presented in Section 2. In both our constraint solver and DeltaBlue, the

6  Conclusions  and  Status 

We proposed an efficient algorithm that incrementally solves multiple solution types of constraints
in single constraint hierarchies by grouping together cyclic or conflicting constraints into
constraint cells. We implemented a constraint solver based on this algorithm, and provided a
promising result on its performance.

Using this solver, we developed the IMAGE system, which generates GUIs by generalizing multiple
visual examples [5]. This system takes advantage of the ability of our solver to handle hierarchies
of simultaneous constraints. Also, we are planning on applying our constraint solver to our
algorithm animation system based on declarative specification [9].
Abstract

Multi-way local propagation constraints are a powerful and flexible tool for implementing
applications such as graphical user interfaces. We have built constraint solvers that maintain sets
of preferential multi-way constraints, and integrated them into user interface development
environments. These solvers are based on the formal theory of constraint hierarchies, leaving weaker
constraints unsatisfied in order to solve stronger constraints if all of the constraints cannot be
satisfied.

Our experience has indicated that large constraint networks can be difficult to construct and
understand. To investigate this problem, we have developed a system for interactively constructing
constraint-based user interfaces, integrated with tools for displaying and analysing constraint
networks. This paper describes the debugging facilities of this system, and presents a new algorithm
for enumerating all of the ways that the solver could maintain a set of constraints.


1  Introduction 

A multi-way local propagation constraint is represented by a set of method procedures that read the
values of some of the constrained variables, and calculate values for the remaining constrained
variables that satisfy the constraint. A set of such constraints can be maintained by a constraint
solver that chooses one method for each constraint so that no variable is set by more than one
selected method (i.e., there are no method conflicts). If there are no cycles in the selected
methods, the solver can order them and execute them to satisfy all of the constraints. For example,
given the constraint A + B = C (represented by three methods C ← A + B, A ← C − B, and B ← C − A)
and the constraint C + D = E (represented by three similar methods), the two constraints could be
satisfied by executing the methods C ← A + B and E ← C + D in order.

For a given set of constraints, it may not be possible to choose methods for all constraints so
there are no method conflicts, or there may be multiple ways to select methods. The theory of
constraint hierarchies [1] offers a way to control the behavior of a constraint solver in these
situations. Given a constraint hierarchy, a set of constraints where each constraint has an
associated strength, a constraint solver can leave weaker constraints unsatisfied in order to solve
stronger constraints. Research on constraint hierarchies has produced several formal definitions for
the "best" solution to a constraint hierarchy that are useful in different applications.

The DeltaBlue and SkyBlue incremental constraint solvers can be used to maintain hierarchies of multi-way
local propagation constraints in applications such as user interfaces. Both of these solvers select constraint
methods to construct a method graph (or mgraph) with no method conflicts where stronger constraints are
enforced (have a selected method) in favor of weaker constraints. More formally, they construct a
locally-graph-better (or LGB) method graph, where a method graph MG is an LGB method graph if it has no
method conflicts and for each unenforced constraint C in MG there exists no conflict-free method graph
for the same constraints where C is enforced and all of the enforced constraints of MG with the same or
stronger strength as C are enforced.

DeltaBlue  was  the  basis  of  the  ThingLab  II  interactive  user  interface  development  environment  [5,  10]. 
SkyBlue is a more general successor to DeltaBlue that satisfies cycles of methods by calling external solvers
and supports multi-output methods (methods that set multiple output variables) [7, 8]. The Multi-Garnet
package [9] uses the SkyBlue solver to add support for multi-way constraints and constraint hierarchies to
the  Garnet  user  interface  toolkit  [6]. 

As  constraint  solvers  have  been  applied  to  larger  problems  it  has  become  clear  that  there  is  a  need  for 
constraint  network  debugging  tools.  In  order  to  debug  a  constraint  network,  the  programmer  needs  tools 
to  examine  the  constraint  network,  determine  why  a  given  solution  is  produced,  and  change  the  network 
to produce the desired solution. We have created a system for interactively constructing graphical user
interfaces based on constraints (maintained by SkyBlue), and debugging the constraint networks created.
The remainder of this paper describes the debugging facilities of this system and presents a new algorithm
for  generating  all  LGB  method  graphs  for  a  set  of  constraints  that  promises  to  be  more  efficient  and  useful 
for  debugging  common  constraint  networks. 


2  Debugging  Constraint  Networks 

Figure 1 shows two views of a simple user interface constructed using our system. In Figure 1a, the two
horizontal lines are lined up. In Figure 1b, the mouse has moved the left endpoint of the bottom line.
Constraints  keep  the  width  of  the  line  constant,  so  the  right  endpoint  is  moved  by  the  same  amount. 


Figure 1: Moving the left endpoint of a constant-width horizontal line.


This figure also displays the constraints relating the variables x1 and x2, the X-coordinates of the two ends
of the bottom horizontal line, to the variable width, the difference between the two X-coordinates. The
constraint x1 = mouse.X sets x1 to the X-coordinate of the mouse position. The medium stay constraint
(displayed with an anchor symbol) on width prevents the solver from changing this variable. The weak stay
constraint on x2 is not enforced, since the solver cannot satisfy this constraint without revoking a stronger
constraint. As the mouse is moved, the width of the line is kept constant.

The constraint diagrams present information about the constraints (black boxes) and variables (white boxes)
including names, constraint strengths,¹ and variable values. The connection between the graphic objects and
the variables specifying their positions (such as x1) is shown by positioning the variables next to their graphics
(though these variable boxes can be moved by the user, if the display gets too complicated). These diagrams
also show how each variable value is calculated; the arrows indicate the variables currently determined by
the selected method of each constraint. If the constraint is not enforced by any method, the lines to its
variables are dashed (i.e., the stay constraint on x2). It is possible to explain the derivation of a variable
value by examining all of the constraints and variables upstream of the given variable.

This  system  can  be  used  to  construct  complex  constraint  graphs,  and  experiment  with  the  behavior  of  the 
user  interface  as  constraints  are  added  and  removed.  We  have  developed  a  set  of  debugging  tools  that  present 
additional  information  such  as  disjoint  subgraphs,  directed  cycles,  or  directed  paths  between  two  variables. 
A  more  sophisticated  tool  analyzes  the  constraint  network  to  determine  why  a  particular  constraint  cannot 
be  satisfied,  identifying  those  stronger  constraints  that  prevent  the  given  constraint  from  being  enforced. 
Similar tools have been developed for the QOCA toolkit [2] and the Geometric Constraint Engine [4]. The
following section describes a tool for examining the different possible LGB mgraphs that the solver may
produce, and presents a new algorithm for generating these mgraphs. Research continues on developing new
debugging tools, improving the facilities for invoking them, and presenting the results of their analyses.

¹The examples in this paper will use the strengths max, strong, medium, and weak, in order from strongest to weakest.


3  Examining  Multiple  LGB  Method  Graphs 

When  debugging  a  constraint  network,  the  programmer  may  want  to  know  whether  the  constraints  specify  a 
unique  solution,  or  whether  the  solver  might  produce  different  solutions  at  different  times.  Some  constraint 
solvers can produce different possible solutions for a set of constraints, such as the CLP(R) system that
generates symbolic expressions representing sets of multiple solutions, and produces alternate solutions upon
backtracking  [3].  Examining  the  different  solutions  can  help  the  programmer  understand  the  constraint 
network,  and  determine  what  constraints  should  be  added  to  control  the  solver. 


Figure  2:  Moving  the  left  endpoint  of  a  horizontal  line  with  a  midpoint.  The  top  line  shows  the  initial 
positions  of  the  three  points.  Constraints  and  variables  downstream  of  the  mouse  constraint  are  highlighted. 


Given  a  hierarchy  of  multi-way  local  propagation  constraints,  there  may  be  more  than  one  possible  LGB 
method  graph  that  the  solver  could  use  to  maintain  the  constraints.  For  example,  consider  the  constraint 
network shown in Figure 2. In this situation, there are three ways for the solver to maintain the constraints:
by keeping the width variable constant and moving the line (2a), keeping x2 constant and moving the
two endpoints inward (2b), or keeping x3 constant and solving the cycle of linear constraints to position x2
between x1 and x3 (2c). The solver can be forced to choose one of these behaviors by adding stay constraints
to  variables  that  the  user  would  prefer  stay  constant  (2d).  Different  strength  stay  constraints  can  be  used 
to  specify  relative  preferences  for  which  variables  should  be  constant. 

In  this  example,  it  is  easy  to  manually  generate  the  possible  LGB  method  graphs.  This  is  much  more  difficult 
for  large  constraint  networks:  it  may  not  be  clear  whether  there  are  any  alternate  LGB  method  graphs.  We 
have  developed  an  algorithm  that  enumerates  all  possible  LGB  method  graphs  that  SkyBlue  could  produce 
for  a  set  of  constraints.  The  different  method  graphs  in  Figure  2  were  generated  in  this  way.  Work  continues 
on developing better ways of examining a set of LGB method graphs, such as automatically partitioning
them into subclasses depending on which variables are constant. Given two method graphs, it may not be
obvious how they differ. Tools have been created for comparing two or more method graphs, highlighting
the similarities and differences.

4 An Algorithm for Generating All LGB Method Graphs

We have developed an algorithm for enumerating the possible LGB method graphs for a set of constraints.
This algorithm systematically calls the SkyBlue solver to increase the strength of unenforced constraints,
searching for alternate method graphs where these constraints are enforced. SkyBlue incrementally updates
the  current  LGB  method  graph  as  a  constraint  is  added,  removed,  or  has  its  strength  changed,  so  it  is 
practical  to  change  constraint  strengths  repeatedly.  The  following  subsections  present  this  algorithm  in 
stages.  First,  we  present  an  algorithm  for  generating  all  sets  of  constraints  that  can  be  simultaneously 
enforced  in  an  LGB  mgraph.  Then,  this  algorithm  is  extended  to  generate  all  LGB  mgraphs. 

4.1  LGB  Enforced  Sets 

The enforced set (or E-set) of an mgraph is the set of constraints that are enforced in the mgraph. The E-set
of an LGB mgraph is known as an LGB E-set. For example, Figure 3 shows the two possible LGB mgraphs
for the three constraints. These mgraphs have E-sets of {C1, C2} and {C2, C3} respectively. Sometimes it
is useful to speak of the E-set for the constraints with a particular strength. For example, Figure 3a has a
strong E-set of {C2}, and a weak E-set of {C1}.


Figure 3: Two LGB mgraphs with different LGB E-sets.


Note that no LGB E-set for a set of constraints can be a proper subset of another LGB E-set. Suppose that
E1 and E2 are the E-sets for two LGB mgraphs M1 and M2 for the same set of constraints. If E1 were
a proper subset of E2, this would imply that every constraint enforced in M1 is enforced in M2, and M2
contains at least one enforced constraint that is unenforced in M1, hence M1 would not be an LGB mgraph.

4.2  Pinning  Constraints 

Consider an LGB mgraph for a set of constraints. If all of the constraints are enforced, then there is only
one possible LGB E-set for these constraints. If some of the constraints are unenforced, then there may be
other LGB mgraphs for the constraints where some of the currently-unenforced constraints are enforced and
other currently-enforced constraints are unenforced. The question is how to generate them.

Suppose that we start with the LGB mgraph of Figure 3a. All of the strong constraints are enforced, so
all LGB mgraphs for these constraints will have a strong E-set of {C2}. Consider the unenforced weak
constraint C3. Suppose that we changed the strength of C3 to be slightly stronger than weak. In this case,
C3 would be enforced and C1 would be revoked, leading to the mgraph in Figure 4 (the only LGB mgraph
for the modified constraints). This mgraph has an E-set of {C2, C3}, the same as Figure 3b.


Figure 4: Increasing the strength of C3 to produce a different E-set.


For each constraint strength str, define the pin-strength of str as another strength that is slightly stronger
than str, and weaker than the next stronger constraint strength. The act of increasing the strength of a
constraint to its pin-strength (i.e., the pin-strength between its normal strength and the next constraint
strength) is called “pinning” the constraint. Pinning different constraints can produce LGB mgraphs with
different E-sets, as in Figure 4.

An  important  fact  about  pinning  is  that,  no  matter  what  combination  of  constraints  are  pinned,  the  selected 
methods  in  the  resulting  LGB  mgraph  will  specify  an  LGB  mgraph  for  the  original  (unpinned)  constraints. 
The  algorithm  described  in  the  next  section  systematically  pins  unenforced  constraints  to  generate  different 
LGB mgraphs for the original constraints, and collects their E-sets.

4.3 Generating LGB E-Sets

Figure 5 presents pseudocode that generates all of the LGB E-sets for a set of constraints. get_esets
simply initializes global variables containing a list of the constraints we are interested in (*cns*), a list of
the collected E-sets (*esets*), and a procedure to be called to save each E-set (*save_proc*).² In this case
*save_proc* is set to the procedure save_eset, which adds the E-set for the current mgraph to *esets*
if it isn’t there already. After setting the global variables, get_esets calls pin_cns, which pins different
combinations of constraints, calling *save_proc* to process each of the resulting LGB mgraphs.

get_esets(cns)
   *cns* := cns
   *esets* := {}
   *save_proc* := save_eset
   pin_cns({}, {}, {}, cns)
   return *esets*

save_eset()
   eset := collect list of all enforced constraints in *cns*
   add eset to *esets* if it is not already there

pin_cns(pinned, unpinned, cns, weaker_cns)
   If cns contains any unenforced constraints then
      cn := choose any unenforced cn in cns
      ;; generate esets with cn unpinned
      pin_cns(pinned, unpinned U {cn}, cns - {cn}, weaker_cns)
      ;; generate esets with cn pinned
      pin(cn)
      If pinned U {cn} are all enforced then
         pin_cns(pinned U {cn}, unpinned, cns - {cn}, weaker_cns)
      unpin(cn)
   Else If weaker_cns is not empty then
      ;; pin all unpinned enforced constraints at current strength
      enforced_unpinned := all enforced constraints in unpinned U cns
      For cn in enforced_unpinned do pin(cn)
      ;; process next weaker cns
      next_strength := strongest strength of constraints in weaker_cns
      next_cns := all constraints in weaker_cns with strength next_strength
      pin_cns({}, {}, next_cns, weaker_cns - next_cns)
      ;; unpin constraints
      For cn in enforced_unpinned do unpin(cn)
   Else
      ;; all cns processed: save current state
      call the procedure *save_proc*

pin(cn)
   cn.original_strength := cn.strength
   change_strength(cn, get_pin_strength(cn.strength))

unpin(cn)
   change_strength(cn, cn.original_strength)

Figure 5: Pseudocode to generate all LGB E-sets for cns.

²All global variables in the pseudocode begin and end with an asterisk. All other variables are local to their procedures.


Most of the work happens in the recursive procedure pin_cns. During any call to pin_cns, it is processing
the set of constraints at a single strength level. The arguments pinned, unpinned and cns are the sets of
constraints at the current strength level that have been pinned, left unpinned, and have not been processed.
weaker_cns contains weaker constraints to be processed later. If cns contains any unenforced constraints,
one is chosen (cn) and pin_cns recurses to investigate mgraphs where cn is not pinned. When that recursive
call returns, cn is pinned. If cn can be enforced along with all of the other pinned constraints, then pin_cns
recurses to investigate mgraphs where cn is pinned. Finally we unpin cn, restoring its original strength.

If there are no unenforced constraints in cns, then we have finished processing the constraints at this strength
level. Now we are ready to process the weaker constraints. To ensure that the current strength E-set doesn’t
change, all of the enforced constraints that haven’t been pinned (enforced_unpinned) are pinned. Then
pin_cns recurses, extracting the constraints with the next-weaker strength from weaker_cns. Note that
when pin_cns is initially called from get_esets the first three arguments are all empty sets, so pin_cns
just extracts the strongest constraints from weaker_cns and recurses.

When all of the constraints have been processed *save_proc* is called to save information about the current
LGB mgraph (get_esets sets this to save_eset, which saves the current LGB E-set).


4.4 Why get_esets Generates All E-Sets

Since get_esets only modifies the mgraph by pinning constraints, every E-set collected is a correct LGB
E-set for the original constraints. To show that get_esets is correct, we need to show that every possible
E-set is generated. Suppose that this were not true, and there was a set of constraints cns with an LGB
E-set E that was not generated by get_esets(cns). Consider the tree of recursive calls to pin_cns caused
by get_esets(cns). Figure 6 shows part of such a tree, where first C1, and then C2, are found to be
unenforced, and then either left unpinned or pinned during different recursive calls.


pin_cns({}, {}, {C1,C2,...}, {...})
   C1 unpinned: pin_cns({}, {C1}, {C2,...}, {...})
      C2 unpinned: pin_cns({}, {C1,C2}, {...}, {...})
      C2 pinned:   pin_cns({C2}, {C1}, {...}, {...})
   C1 pinned:   pin_cns({C1}, {}, {C2,...}, {...})

Figure 6: Partial tree of recursive calls to pin_cns.


Consider tracing down this tree, following each branch that pins a constraint in E, and each branch that
leaves unpinned a constraint that is not in E. For example, if E contained C2 and did not contain C1, one
would follow the branches with boxed labels in Figure 6. Note that every time a constraint in E is pinned
it must be possible to enforce it along with the other pinned constraints, since E is the E-set for an LGB
mgraph, so all of the constraints in E must be simultaneously enforcible. Eventually, you will reach a leaf
of the tree, and *save_proc* will be called to process the current mgraph.

We claim that the E-set of this leaf mgraph is exactly E. First, all of the constraints in E that were found
unenforced in cns and pinned are enforced. Consider some other constraint cn that is in E but was not found
unenforced in cns. It must not have been removed from cns, since the only way constraints are removed from
cns is when they are considered for pinning, and if this had happened then cn would have been explicitly
pinned. Since it wasn’t removed from cns, then it must have been enforced when that strength level was
processed, and hence it was pinned when going to the next strength level. Therefore, it must be enforced
in the final mgraph, and all of the constraints in E must be enforced. Finally, consider some constraint cn'
that is not in E. If it was enforced, then there would be an LGB mgraph where all of the constraints in E
plus another constraint cn' are enforced, in which case E would not be the E-set of an LGB mgraph. Thus,
we have shown that exactly those constraints in E are enforced in the leaf mgraph.

4.5  Generating  Results  Multiple  Times 

The procedure save_eset is written to add the current E-set to the list *esets* only if it is not there
already. This is necessary because get_esets may generate the same E-set multiple times if constraints
have multi-output methods. For example, suppose we call get_esets on the three strong constraints C1,
C2, and C3, whose current mgraph is shown in Figure 7a. The clock diagram indicates that C1 has a single
method which outputs to both V1 and V2 (this diagram is not shown for constraints with a single-output
method outputting to each of their variables). If we pin C2 and not C3, we produce the mgraph of Figure 7b,
and collect its E-set. On backtracking, if we leave C2 unpinned, and pin C3, we will produce Figure 7c,
which has the same E-set.


Figure 7: Starting with mgraph (a), get_esets may collect the same E-set multiple times (b,c).


4.6  Collecting  Some  LGB  Method  Graphs  by  Adding  Stay  Constraints 

It would be possible to modify save_eset to collect the enforced constraints along with their current selected
methods when it is called within get_esets. If the given set of constraints had exactly one LGB mgraph for
each LGB E-set, this would collect all of the LGB mgraphs. However, if there are multiple LGB mgraphs
that have the same E-set (Figure 8), there is no guarantee that they would all be generated by get_esets.


Figure 8: Three possible LGB mgraphs for {C1, C2}.


One  thing  that  distinguishes  different  LGB  mgraphs  with  the  same  E-set  is  the  sets  of  variables  that  are 
determined  and  undetermined.  This  observation  can  be  used  to  generate  these  different  LGB  mgraphs: 
Given a set of constraints cns, let v-weak be a strength weaker than any of these constraints. For each
of the variables that can be determined by any of the constraints’ methods (the potential outputs of the
constraints), add a new stay constraint with strength v-weak. Consider an LGB mgraph for this extended
set of constraints, cns'. The selected methods for cns in the extended mgraph define an LGB mgraph for
cns alone, since none of the v-weak stay constraints can affect which stronger constraints are enforced, but
they can affect the selected methods used to enforce stronger constraints. Calling pin_cns(cns') will pin
all of the constraints including the v-weak stay constraints, generating different LGB mgraphs for cns. For
example, Figure 9 shows how extra v-weak stay constraints added to the constraints from Figure 8 can be
pinned to generate the mgraphs in Figure 8a and 8c.


Figure  9:  Pinning  extra  stay  constraints  to  generate  different  LGB  mgraphs  for  {C1,C2}. 

Figure 10 presents pseudocode that creates the extra variable stay constraints and passes all of these constraints
to pin_cns, which will generate different LGB mgraphs for cns. Note that *save_proc* is set to
the procedure save_mgraph, so it will be called to save the current mgraph (including selected methods)
within pin_cns. *cns* does not include the extra variable stay constraints, since we are only concerned
with collecting the method graphs for the original constraints.

get_some_lgb_mgraphs(cns)
   *cns* := cns
   *mgraphs* := {}
   *save_proc* := save_mgraph
   ;; add stays to output variables
   var_stay_strength := any strength weaker than all of the constraints in cns
   potential_outputs := a list of all potential output variables for cns
   output_var_stays := a stay constraint with strength var_stay_strength
                       for each var in potential_outputs
   For cn in output_var_stays do add_constraint(cn)
   ;; generate mgraphs for constraints, including extra stays
   pin_cns({}, {}, {}, cns U output_var_stays)
   ;; remove added stays
   For cn in output_var_stays do remove_constraint(cn)
   return *mgraphs*

save_mgraph()
   mgraph := For cn in *cns* collect cn and its current selected mt
   add mgraph to *mgraphs* if it is not already there

Figure 10: Pseudocode to generate some LGB mgraphs for cns.

4.7  Collecting  All  LGB  Method  Graphs  by  Adding  Method  Variables 

There are two situations where get_some_lgb_mgraphs may not generate all possible LGB mgraphs for a set
of constraints: (1) There are directed cycles of methods. The constraints {C1,C2} in Figure 11a have two
LGB mgraphs, one with a directed cycle in each direction. Pinning extra stay constraints on the variables will
not choose one mgraph over the other. (2) There are constraints with “subset methods,” where the outputs
of one constraint method are a subset of the outputs of another method for the same constraint. This is rare,
but it is not prohibited by the definition of multi-way local propagation constraints. For example, constraint
C3 in Figure 11b has one method that outputs to V7 and V8, and another method that outputs to V8.
If the constraint solver always chooses the second method, get_some_lgb_mgraphs will never generate an
mgraph containing the first method.


Figure  11:  (a)  A  method  graph  with  a  directed  method  cycle,  (b)  A  constraint  with  subset  methods,  (c) 
Adding  extra  variables  to  (a).  Method  diagrams  are  shown  in  (a)  for  comparison  with  (c). 


Given cycles or subset methods, it is possible to generate all possible mgraphs using the pseudocode of
Figure 12. This code modifies every constraint that has more than one method, creating an extra variable
for each constraint method, and adding it as an output to all of the other methods of the constraint. Applying
this to Figure 11a produces Figure 11c, where the new variable X1 is only set when C1 is enforced with a
method other than its second method (setting V2 and X2). When the modified constraints are passed to
get_some_lgb_mgraphs, and v-weak stays are added to these extra variables, pinning these extra stays will
try all of the methods of each constraint, if they are allowed in an LGB mgraph. Note that constraints with
only a single method do not need to have any extra variables added, since such a constraint’s single method
must be used whenever the constraint is enforced.

get_all_lgb_mgraphs(cns)
   ;; add extra variables to methods
   For all constraints cn in cns with more than one method do
      remove_constraint(cn)
      For mt in cn.methods do
         v := create a new variable
         add v to cn.variables
         add v to the outputs of all of cn's methods except mt
      add_constraint(cn)
   ;; add extra stays to variables, and generate mgraphs
   mgraphs := get_some_lgb_mgraphs(cns)
   ;; remove extra variables from constraints and methods
   For all constraints cn in cns with more than one method do
      remove_constraint(cn)
      restore cn.variables
      restore outputs for all of cn's methods
      add_constraint(cn)
   return mgraphs

Figure 12: Pseudocode to generate all LGB mgraphs for cns.

The  pseudocode  removes  all  of  the  constraints  before  adding  the  additional  variables  to  the  methods,  and  then 
re-adds  the  constraints.  Likewise,  the  constraints  are  removed  before  removing  these  additional  variables.  If 
the  constraint  solver  had  an  entry  for  modifying  methods,  this  would  not  be  necessary. 

4.8  Evaluating  the  Algorithms 

We are currently comparing the performance of get_all_lgb_mgraphs to alternate algorithms for generating
LGB mgraphs. An earlier algorithm enumerated all possible combinations of selected methods without
method conflicts, collecting all mgraphs that were LGB. This worked well for small networks, but was much
too slow for large networks (taking time exponential in the number of constraints). Testing shows that
get_all_lgb_mgraphs is much faster than the earlier algorithm for many sets of constraints encountered in
actual practice (2 seconds versus 22 minutes for one set of 17 constraints), but we have been able to construct
constraint networks where it is significantly slower than the earlier algorithm. get_all_lgb_mgraphs appears
to be most efficient when there are only a few possible LGB mgraphs. In the absence of a simple way to
predict which algorithm is faster, it might be reasonable to run both algorithms in parallel.
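
The exhaustive approach mentioned above (enumerate every conflict-free combination of selected methods and keep the LGB ones) can be written directly from the LGB definition, which also lets the subset property of Section 4.1 and the pinning step of Section 4.2 be checked on a small case. This is an added Python example, not the paper's code and not SkyBlue; the three-constraint network, the numeric strengths and all function names are constructed here for illustration.

```python
from itertools import product

# Strengths as numbers, larger = stronger (weak < medium < strong < max).
WEAK, MEDIUM, STRONG, MAX = 1, 2, 3, 4

# Constructed network (an assumption, not a reproduction of the paper's Figure 3):
# name -> (strength, methods); each method is the frozenset of variables it outputs.
NETWORK = {
    "C1": (WEAK,   [frozenset({"V1"})]),                     # stay on V1
    "C2": (STRONG, [frozenset({"V1"}), frozenset({"V2"})]),  # two-way V1 <-> V2
    "C3": (WEAK,   [frozenset({"V2"})]),                     # stay on V2
}


def conflict_free_graphs(network):
    """Yield every method graph {constraint: selected method or None}
    in which no variable is an output of two selected methods."""
    names = sorted(network)
    choices = [[None] + list(network[n][1]) for n in names]
    for combo in product(*choices):
        outputs = [v for m in combo if m is not None for v in m]
        if len(outputs) == len(set(outputs)):
            yield dict(zip(names, combo))


def eset(graph):
    """E-set of a method graph: the constraints that have a selected method."""
    return frozenset(n for n, m in graph.items() if m is not None)


def is_lgb(graph, network, all_esets):
    """LGB test: for each unenforced constraint c there must be no
    conflict-free graph that enforces c together with every constraint
    enforced here whose strength is the same as or stronger than c's."""
    enforced = eset(graph)
    for c in network:
        if c in enforced:
            continue
        strength = network[c][0]
        must_keep = {e for e in enforced if network[e][0] >= strength} | {c}
        if any(must_keep <= other for other in all_esets):
            return False
    return True


def lgb_graphs(network):
    """All LGB method graphs, by exhaustive enumeration (exponential time)."""
    graphs = list(conflict_free_graphs(network))
    all_esets = {eset(g) for g in graphs}
    return [g for g in graphs if is_lgb(g, network, all_esets)]


def lgb_esets(network):
    """The distinct E-sets of the LGB method graphs."""
    return {eset(g) for g in lgb_graphs(network)}


def pin(network, name):
    """Copy of the network with one constraint raised to its pin-strength:
    slightly stronger than its own strength, weaker than the next one up."""
    strength, methods = network[name]
    pinned = dict(network)
    pinned[name] = (strength + 0.5, methods)
    return pinned


if __name__ == "__main__":
    for g in lgb_graphs(NETWORK):
        print(sorted(eset(g)), {n: sorted(m) for n, m in g.items() if m})
    print("after pinning C3:", [sorted(e) for e in lgb_esets(pin(NETWORK, "C3"))])
```

Because every combination of methods is tried, the running time grows exponentially with the number of constraints, which is the limitation the paragraph above attributes to the earlier algorithm.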

The different algorithms described in this paper may be useful at different points during debugging.
get_esets can be used to determine whether a given constraint is always enforced, or never enforced.
If there are no subset methods and the programmer doesn’t care about the directions of cycles,
get_some_lgb_mgraphs can be called instead of get_all_lgb_mgraphs.

These algorithms call the SkyBlue constraint solver to manipulate the constraints. Therefore, any future performance
improvements to SkyBlue (or other algorithms that maintain LGB mgraphs) will directly improve
the performance of these algorithms.

5 Conclusions and Future Work


We  have  described  some  of  the  debugging  tools  included  within  our  system  for  interactively  constructing 
constraint-based  user  interfaces,  and  presented  a  new  algorithm  for  generating  all  of  the  LGB  method  graphs 
for a set of constraints. This algorithm is the basis for a powerful debugging tool that allows the programmer
to  explore  the  different  behaviors  that  can  be  produced  by  a  set  of  constraints. 

In  the  future  we  want  to  continue  developing  new  debugging  tools,  improving  the  facilities  for  invoking 
them  and  presenting  the  results  of  their  analyses.  We  also  want  to  conduct  user  testing,  to  determine  which 
debugging  tools  are  particularly  helpful  to  programmers  when  constructing  large  constraint  networks. 

Abstract

Constraints can be used to specify and maintain spatial relationships
among objects in a geometric design. In the 3-D geometric design domain,
the diversity of possible relationships among objects makes it
difficult for the designer to specify useful or intended relationships in a
productive and intuitive manner. We have built a constraint-based 3D
geometric editor called DEVI that infers possible or intended relationships
among objects of the design. DEVI’s database of relationships
between design primitives can be extended using a descriptive language
which enables the developer to specify a set of rules made up of conditions,
to be satisfied, and inferences to be made. Each rule has two
parts; the first is a boolean condition wherein a certain situation is
described; the second part is an instruction to the system to infer the
specified constraint (or set of constraints) if the boolean condition is
true.


1  Introduction 

Constraints  have  proven  useful  in  automatically  keeping  spatial  relationships 
satisfied  among  geometric  objects  in  a  geometric  design.  They  alleviate 
much of the tedium involved in making small changes and then propagating
their  effect. 

Constraint-based geometric design is not a new area. Rossignac’s CSG
system [Rossignac86] allows the user to specify models in terms of unevaluated
constraints that are evaluated sequentially, during the construction
process, in a user-specified order. Constraints are evaluated by performing
rigid-body motions. In their paper, Kapur et al. [Kapur91] describe a
generic model for representing polyhedra as a network of nodes and constraints.
Van Emmerik’s solid modeling system [vanEmmerik90] is an example
of a constraint-based modeling system with a graphical front-end that
allows the specification of constraints via popup and cascading menus.

Constraints thus represent a significant advantage in geometric-design
systems. To gain this advantage, designers have to invest extra effort to
specify constraints. Geometric-design systems usually allow a fixed number
of pre-defined relationships among the geometric objects. In a typical interactive
geometric design environment, the designer would create the geometric
objects using menus, positioning and alignment tools, and tell the system
how he wants them constrained to each other. The designer normally knows,
in advance, where the new geometric object that he is creating should be
located and how it should be related to its neighbours. He therefore tends
to create a situation close to the end-result that he has in mind.

To make the process of specifying relationships simpler, earlier systems
have used some of the following approaches. VanWyk’s automatic drawing
beautifier [vanWyk85] looks at a design to check if any predefined relationships
exist and makes them persistent. This approach is not interactive.
Converge [Sistare90] provides a “locus” input mode for constraints wherein
newly created geometric objects are automatically constrained in a desired
way to a specified existing geometric object. It is an improvement over the
previous approach but is still rather limiting because it forces the user to
switch modes constantly and is not a general solution. A more general approach
is to use geometric context, users’ actions and knowledge of geometric
objects and their possible relationships to infer what the user is trying to
do. Variations of this approach have been used successfully by a few systems,
primarily in the two-dimensional domain. Peridot [Myers86] uses the
‘demonstration’ metaphor to help specify constraints. It infers the relationships
of the users’ actions to user-interface elements during a demonstration
sequence, and generates code to handle this action in a real situation.
Briar [Gleicher92] augments snap-dragging [Bier86] by making the relationships
persistent. Rockit [Karsenty92] also uses augmented snap-dragging
and maintains a database of relationships and a static inference-rule base
— it allows the user to dynamically change the conditions that determine
which rules to execute.

The last approach has a limitation: it is difficult to extend and customize.
We propose to extend this method by allowing the designer to write
inference rules in a descriptive language. Each rule has two parts; the first
is a boolean condition wherein a certain situation is described in terms of
geometric objects and the geometric constraints relating them; the second
part of the rule is an instruction to the system to infer a specified constraint
(or set of constraints) if the boolean condition is satisfied. These rules are
applied in response to interactive events like creation or perturbation of
geometric objects.

In this paper we describe in detail how DEVI infers constraints using its
knowledge database and how we have augmented it with our inference-rule
approach. For a general introduction to DEVI, please see [Thennarangam93].


2 DEVI’s Approach

DEVI is a constraint-based, interactive 3D geometric editing environment
that uses flexible user-interface techniques to simplify the task of editing 3D
geometry (see Figure 1). DEVI provides an interpretive language to specify
geometric objects and the constraints between them. It infers constraints
among geometric objects as they are created and manipulated. These inferred
constraints subsequently become persistent and are maintained by
the system. In order to help understand and debug the design in a graphical
fashion, DEVI presents the network of constraints and geometry in a
constraint-network browser that is useful in determining relationships and
debugging the constraint network (see Figure 1).

DEVI organizes its constraint network as a partitioned directed graph.
When an event occurs in the interactive geometry editor, DEVI quickly
isolates the portion of the design that will be affected by the event. By
default, DEVI only tries to infer constraints between selected objects and
newly created or newly perturbed objects — a newly created object is added
to the current selection. This limits the number of inferences the system has
to consider. Experience with the Druid UIMS [Singh90] shows that designers
tend to create designs incrementally — they usually create related parts of
the design one after the other, rather than randomly. DEVI exploits this
fact. In case it makes more than one inference, it prompts the user to make
a choice. This scheme also serves as an aid in case the designer forgets to
specify some relationships that he had intended to.

Figure 1: DEVI’s User-Interface - The top-left window is the design work-area.
To the right are the geometry, constraint and tools palettes. The window at the
bottom depicts the constraint-network browser. The user can edit and manipulate
constraints using the browser.

Consider  the  process  of  solving  a  network  of  constraints.  DEVI’s  hybrid 
solver  propagates  known  values  about  the  constraint  graph  until  it  satisfies 
each  constraint  node.  Failing  to  do  so,  it  resorts  to  an  iterative  approach, 
using  Newton-Raphson’s  iteration  to  solve  the  set  of  algebraic  functions  that 
describe  the  constraint  network. 

A minimization function is defined for each constraint. When this function
has a value close to zero, that instance of the constraint is considered
satisfied. In fact, DEVI calls the algebraic solver with a single constraint
as an argument, demanding only a single iteration of the solver, when it is
propagating values in the constraint network; the solver tells DEVI whether
the constraint is satisfied or not. DEVI uses this property to infer constraints.
Consider a scenario where we want to infer a constraint between
geometric objects A and B. Assume that constraints of type $C_1$ and $C_2$ can
exist between the geometric classes of A and B. We compute the minimization
function values for those two classes of constraints i.e. $f_{C_1}(A,B)$ and
$f_{C_2}(A,B)$. We choose those values that are smaller than some threshold
value. If there is more than one such value then the user is asked to make
a choice.

For the sake of generality and robustness of the solving process, one
can have the minimization function return a Euclidean value that is representative
of the constraint. See [SutherlandSO] and [Sistare90] for further
discussion on this point. For example, to constrain a point to lie on a plane,
one measures the distance of the point to the plane. Algebraically, this can
be expressed by substituting the point in the equation of the plane. With
more complicated constraints, it is not easy to see this relationship.

Consider another constraint that fixes the angle between two planes A
and B to be $\theta$. Let $k_A = |n_A|$, $k_B = |n_B|$, where $n_A$ and $n_B$ are unit normal
vectors to planes A and B respectively. We could express the function we
want to minimize as follows:

$$f_\theta = \sqrt{k_A^2 + k_B^2 - 2 k_A k_B \cos\theta} - |n_A - n_B|$$

The geometrical interpretation of this equation is as follows:
$\sqrt{k_A^2 + k_B^2 - 2 k_A k_B \cos\theta}$ is the desired length between the tips of the vectors
$n_A$ and $n_B$, when they are constrained at an angle $\theta$, and $|n_A - n_B|$ is the
current length. Obviously, when this value reaches zero, the constraint is
satisfied.

The problem with this approach is how to choose an appropriate threshold
value, which is essentially a real number. This number might not have
much intuitive value. Since the designer may not be able to relate too well
to these seemingly obscure numbers, he might find it difficult to customize
the inferencing process. All he has are a set of real numbers that he can
manipulate back and forth. The significance of this number is determined
by how the system translates geometric constraints into algebraic equations
that can be minimized.

Our method uses familiar terminology like distance, angle etc. Although
the solver eventually works with vectors and real numbers, the designer
thinks in terms of concepts like angles, adjacencies, equalities and distances.
He might want, for example, to specify that angles close to 45° should become
45° angles because, presumably, he has a lot of 45° angle situations in
his design and he does not want to go through all the trouble of explicitly
constraining them each time.


Here is an example of a rule written in this language:

    RULE Rp( POLYGON p1, POLYGON p2 )
    IF ( (ABS ( ANGLE ( p1, p2 ) - 45 )) <= 5 )
    THEN
        INFER CONSTRAINT FIXANGLE ( p1, p2, 45 );

Based on this rule, the system automatically constrains the planes of two
polygons to lie at 45° to each other if it detects that the angle between them
is anywhere between 40° and 50°. The magic number 5 here represents
the desired angular tolerance and it is easy to understand exactly what it
represents and the consequences of changing this number to suit preferences.
A significant advantage of this approach is that it provides a way to limit the
problem of “over-generalization” [Bos92] with inferencing systems — that
they insist on making inferences that the user did not intend.
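
The contrast drawn above, between a raw threshold on the minimization function and the rule's angular tolerance, as an added Python example (not DEVI's own code). It assumes unit normals and the law-of-cosines form of $f_\theta$ described in the text; all function names and the sample normals are constructed for illustration.

```python
import math

def f_theta(n_a, n_b, theta_deg):
    """Minimization function for 'angle between planes = theta':
    sqrt(kA^2 + kB^2 - 2 kA kB cos(theta)) - |nA - nB|, zero when satisfied."""
    k_a, k_b = math.hypot(*n_a), math.hypot(*n_b)
    desired = math.sqrt(k_a**2 + k_b**2
                        - 2 * k_a * k_b * math.cos(math.radians(theta_deg)))
    return desired - math.dist(n_a, n_b)

def angle_deg(n_a, n_b):
    """Angle between two normals in degrees (the ANGLE(p1, p2) of the rule)."""
    dot = sum(a * b for a, b in zip(n_a, n_b))
    c = dot / (math.hypot(*n_a) * math.hypot(*n_b))
    return math.degrees(math.acos(max(-1.0, min(1.0, c))))

def rule_fixangle(n_a, n_b, target=45.0, tol=5.0):
    """Rule-style inference: IF ABS(ANGLE(p1, p2) - target) <= tol THEN infer."""
    return abs(angle_deg(n_a, n_b) - target) <= tol

def threshold_infer(n_a, n_b, target, eps):
    """Threshold-style inference: infer when |f_theta| is below eps."""
    return abs(f_theta(n_a, n_b, target)) <= eps

def normals_at(phi_deg):
    """Constructed sample data: two unit normals separated by phi degrees."""
    phi = math.radians(phi_deg)
    return (1.0, 0.0, 0.0), (math.cos(phi), math.sin(phi), 0.0)

def accepted_range(target, eps):
    """Range of angles (degrees) between unit normals that a threshold eps
    on |f_theta| accepts; for unit normals |nA - nB| = 2 sin(phi / 2)."""
    want = 2 * math.sin(math.radians(target) / 2)   # desired tip distance
    lo = max(0.0, want - eps) / 2
    hi = min(2.0, want + eps) / 2
    return 2 * math.degrees(math.asin(lo)), 2 * math.degrees(math.asin(hi))

if __name__ == "__main__":
    # Pick the threshold that corresponds to "5 degrees below 45 degrees".
    eps = f_theta(*normals_at(40), 45)
    print("eps matching 40 deg at target 45:", round(eps, 4))
    # The same eps means a very different angular tolerance at another target.
    print("accepted at target 45 :", accepted_range(45, eps))
    print("accepted at target 180:", accepted_range(180, eps))
    print("rule at 150 deg, target 180:", rule_fixangle(*normals_at(150), 180.0))
    print("threshold at 150 deg, target 180:",
          threshold_infer(*normals_at(150), 180, eps))
```

A threshold that means roughly 5° around a 45° target admits planes about 33° away from a 180° target, whereas the rule's tolerance keeps the same meaning for every target angle.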

The  syntax  of  DEVI’s  inference  rules  is  simple  and  the  effort  involved 
in  creating  new  rules  is  well  worth  the  effort  in  terms  of  the  productivity 
gained  from  it. 

DEVI stores inference rules in memory; for each inference rule, a record
is maintained that consists of its name, its parameter types and a parse tree
that is evaluated each time the rule is triggered. A rule is triggered if its
parameters match with that of the current event. Inference rules are thus
treated like geometric or constraint objects. They can be created, deleted
or modified.

3 Implementation

DEVI has been implemented in the C++ 3.0 programming language. It runs
on a Silicon Graphics Indigo Elan workstation running IRIX 4.0.5F and the
X11R4 Windows system. It uses the Motif 1.1 toolkit and IrisGL graphics
libraries.


4  Discussion 

We have presented a system that enhances the ease and functionality of
using constraints in a geometric-design environment. DEVI uses constraint-inferencing
to ease the effort involved in specifying constraints in the 3-D
geometry domain. It achieves this by using its knowledge of geometric
objects and their possible relationships. It also provides a powerful means to
extend the inferencing process by allowing the user to write inference rules.
To our knowledge, DEVI is the first system that infers spatial constraints in
the 3-D geometric domain and provides the user with the means to extend
and customize the system’s constraint-inferencing capability.

Future work on DEVI will concentrate on making it more conversational,
especially offering advice on the degree of constraint to the designer and detecting
and warning of redundant and circular constraints. We would also
like to provide a graphical way to compose and edit inference rules. Metamouse
is a 2-D drawing program [Maulsby89] that induces picture-editing
procedures from execution traces of the user’s actions at work — it performs
a localized analysis of changes in spatial relationships to isolate constraints
and matches action sequences to build a state graph that describes what it
has learned. On detecting a repetition, it uses the state graph to predict
further actions. We are not sure if this approach can easily scale to three
dimensions, given the inherently much greater complexity and the limitations
of even the state-of-art 3-D interface systems. Virtual reality systems
will probably allow this area to develop much more.

1 Introduction

A finite domain constraint system can be viewed as a linear integer constraint system
in which each variable has an upper and lower bound. Finite domains have been used
successfully in Constraint Logic Programming (CLP) languages, for example CHIP [3],
to attack combinatorial problems such as resource allocation, digital circuit verification,
etc. In these problems, finite domains allow a natural expression of the problem constraints
because bounds on the problem variables are explicit in the problem. In other
problems however, for example in temporal reasoning and some scheduling problems,
there may not be natural bounds.

For these problems, a standard approach has been to use ad hoc bounds, giving
rise to a two-fold problem. If a bound is too tight, then important solutions could
be lost. If a bound is too loose, then significant inefficiency may result. This is
because the algorithms used in finite domains work by propagating bounds on variables¹
until certain local consistency conditions (for example, arc-consistency [4, 11]) are
achieved. These algorithms have the disadvantage that they reason about transitivity
of inequalities in an iterative manner; for example, detecting that $x + 1 \le y \le x$,
$0 \le x, y \le k$ is unsatisfiable will require a cost proportional to $k$.

We thus suggest that it is worthwhile to go beyond finite domains to more general
integer constraints. The issue then becomes the trade-off between greater expressiveness
and potentially exponential-cost constraint solving. In this abstract, we propose
a restricted class of integer constraints which can be solved more efficiently than in the
general case, but which remains reasonably expressive. Furthermore, our algorithm
can be extended easily to accommodate more general integer constraints (though not
in all cases), and it also combines well with traditional propagation-based methods. In
this abstract, our presentation level is restricted to high-level algorithmic issues, and
we do not address specific implementation considerations.

*IBM T.J. Watson Research Center, P.O. Box 704, Yorktown Heights, NY 10598, USA.

†Dept. of Computer Science, Univ. of Melbourne, Parkville, Victoria 3052, Australia.

¹And other domain information, in general.

2 Integer Constraints

What are the features we desire of an integer constraint domain and solver for a CLP
system? Clearly soundness is essential. Completeness is obviously attractive, but
there is no known sufficiently efficient solver. In fact, the satisfiability problem for
nonlinear integer constraints is undecidable, so completeness is impossible to achieve.
The problem is decidable for linear integer constraints, but it is NP-complete. Thus it
appears that, in the context of a CLP system, a constraint solver that handles linear
integer constraints will necessarily be either incomplete or inefficient. In practice, the
choice taken by implementations is incompleteness and efficiency.

Given an incomplete solver, it is highly desirable to be able to characterize classes
of constraints for which the solver is complete. On the practical front, the algorithm
should be efficient, incremental and should support backtracking. Other operations
that may be required are: the ability to detect groundness, implicit equalities and
constraint entailment, the ability to extract constraints from disjunctive information,
and the ability to eliminate variables (projection).

Propagation-based solvers (e.g. [4, 5]) are a prime example of the choice of an
efficient algorithm which is relatively incomplete. These solvers are complete when
each of the constraints they handle involves only a single variable. Call this the class
of (linear) single-variable-per-inequality (SVPI) integer constraints². In general, these
propagation-based solvers handle constraints by extracting SVPI information from the
interaction of non-SVPI constraints with SVPI constraints. These solvers satisfy most
of the efficiency criteria mentioned above, but are incomplete and/or inefficient when
handling problems with variables which are unbounded or have very large domains.

An obvious generalization of SVPI is the class of (linear) two-variable-per-inequality
(TVPI) integer constraints. This class appears to be strictly simpler than the general
problem (unlike the three-variable-per-inequality problem). There is a strong analogy
here with the corresponding problem over the real numbers. There, current algorithms
for deciding real TVPI constraints (e.g. [2]) are more efficient than current algorithms
for arbitrary real linear constraint solving. Certainly integer TVPI constraints are far
more expressive than SVPI constraints: for example we can encode constraints such as
$x \bmod 11 \in \{1, 5\}$ by $x \ge 11y + 1$, $x \le 11y + 5$, $x \ge 11z + 5$, $x \le 11z + 12$. Surprisingly,
solving integer TVPI constraints is also NP-complete [9]. However TVPI constraints
seem more directly amenable to transitivity-based methods similar to those used for
real constraints [1, 2, 14].

A class of constraints intermediate between SVPI and TVPI is the class of TVPI
constraints $ax + by \le d$ with unit coefficients, that is, $a, b \in \{-1, 0, 1\}$. We call these
unit TVPI constraints. This class is considerably less expressive than the general class
of TVPI constraints (for example, it cannot express modulo constraints). However, the
constraints are sufficient for many problems in temporal reasoning and scheduling.

Much earlier, Pratt [12] had considered a restricted class of unit TVPI constraints,
those of the form $ax + d \le by$, $a, b \in \{0, 1\}$, and presented an efficient algorithm
for their solution. (Essentially, the integer and real satisfiability problems for these
constraints are equivalent, and hence real-based methods are applicable.) However,
unlike unit TVPI constraints, this class is not expressive enough for many problems.
For example it cannot express the mutual exclusion $\neg(x \wedge y)$ which has a unit TVPI
representation $x + y \le 1$, $x \ge 0$, $y \ge 0$. The generalization of Pratt’s class to permit
any positive $a, b$ can be solved using arc-consistency techniques, provided all variables
have finite domains [4].

²In this abstract we ignore disequality ($\ne$) constraints. However we note that the addition of
disequalities such as $x \ne y$ to the class of SVPI constraints results in an NP-complete satisfiability
problem (see, for example, [13]).

3  Unit  TVPI  Constraints 

At  the  heart  of  our  algorithm  is  a  general  framework  for  implementing  transitive-closure 
in  real  TVPI  inequalities.  This  is  described  in  the  next  subsection,  together  with  an 
adaptation  of  the  framework  to  deal  with  integers.  In  the  next  section  we  present  our 
algorithm  as  an  instance  of  the  (modified)  transitive-closure  algorithm. 

3.1 A Transitive-Closure Algorithm

Shostak [14] gave an algorithm for satisfiability of real TVPI problems, not restricted
to unit coefficients. In this algorithm every single variable inequality (i.e. bound)
is converted to a two variable inequality by adding a dummy variable $v_0$ as follows:
$x \le 10$ becomes $x + 0v_0 \le 10$. We give an incremental formulation of this algorithm,
which maintains integer coefficients for integer problems, as follows.

A singleton set of TVPI constraints is transitively closed. Given a transitively
closed set of TVPI constraints $C$ and a new TVPI constraint $c \equiv ax + by \le d$, let
$C_x = \{c' : c' \equiv a'x + ez \le d',\ a \times a' < 0,\ c' \in C\}$. Define $C_y$ similarly. The transitive
closure of $C \cup \{c\}$ is

$$
\begin{array}{l}
C \cup \{c\} \\
\cup\ \{\, |ab''|ez + |a'b|ft \le |ab''|d' + |a'b''|d + |a'b|d'' \;:\; a'x + ez \le d' \in C_x,\ b''y + ft \le d'' \in C_y \,\} \\
\cup\ \{\, |a'|by + |a|ez \le |a'|d + |a|d' \;:\; a'x + ez \le d' \in C_x \,\} \\
\cup\ \{\, |b''|ax + |b|ft \le |b|d'' + |b''|d \;:\; b''y + ft \le d'' \in C_y \,\}
\end{array}
$$

The system $C \cup \{c\}$ is satisfiable (in the reals) iff the transitive closure does not contain
a constraint of the form $0 \le d$ where $d < 0$ [14].

The algorithm is immediately applicable to integer TVPI problems, but it is not
complete. For example, consider $2x + 2y \le 1$, $-2x + -2y \le -1$. This is equivalent
to $2x + 2y = 1$ which clearly has no integer solutions. The difficulty arises because
these inequalities are equivalent (in the integers) to the tighter constraints $x + y \le 0$
and $-x + -y \le -1$.

We extend Shostak’s algorithm by adding tightening constraints. The tightening
constraints of $C$, denoted $tightening(C)$, are

$$\{\, (a/k)x + (b/k)y \le d' \mid ax + by \le d \in C,\ \gcd(\{|a|, |b|\}) = k,\ k \ne 1,\ d' = \lfloor d/k \rfloor,\ d' < d/k \,\}$$

For example $tightening(\{2x + 2y \le 1,\ -2x + -2y \le -1\})$ is $\{x + y \le 0,\ -x - y \le -1\}$.
The tightening constraints give more information so that we are more likely to find
unsatisfiability.

Once we have determined tightening constraints they need to be added and their
transitive consequences found as above. By interleaving tightening and transitive closure
we eventually obtain a transitively closed, tightened set of constraints, given the
procedure terminates. We conjecture that, for integer TVPI, this procedure always
either detects unsatisfiability or terminates. In the case of unit TVPI constraints, it is
easy to show this is true.

Even if the procedure always terminates it is still incomplete. The following system
provides a counterexample. It describes a unit cube with several edges cut off, so
that no corner remains. It has no integer solution, but each real projection onto two
variables has an integer solution.


$$
\begin{array}{rcl}
0 \le x, y, z & \le & 1 \\
4x + 3y & \le & 6 \\
-3x - 4y & \le & -1 \\
4x - 3z & \le & 3 \\
-3x + 4z & \le & 3 \\
4y - 3z & \le & 3 \\
-3y + 4z & \le & 3
\end{array}
$$

However, the algorithm is clearly “more complete” than bounds propagation which, in
the TVPI case, is simply the application of transitivity to one TVPI constraint and
one SVPI constraint (possibly with tightening).

Clearly the above procedure is naive in a number of ways. First, corresponding
to tightening we also wish to divide the coefficients and constants of each constraint
$ax + by \le d$ so that $\gcd(\{a, b, d\})$ is 1. Second, we can eliminate redundant constraints
that are generated by the method. Detecting all redundant constraints is just as hard as
the satisfaction problem, in general, but some kinds of redundancy are easy to detect.
A constraint $exp \le d$ is quasi-syntactic redundant [6] with respect to constraints $C$
if a constraint of the form $exp \le d'$ appears in $C$ where $d' \le d$. Quasi-syntactic
redundancy is particularly easy to detect. More generally, we can remove any TVPI
constraints involving $x$ and $y$ that are redundant (in the reals) with respect to the
other $x, y$ constraints.

3.2  The  Unit  TVPI  Solver 

When dealing with unit TVPI constraints, the transitive closure algorithm above produces
new unit TVPI constraints, except in one case. Consider $C = \{x + y \le 1,\ x + z \le 2\}$
and the addition of $-y + -z \le 0$. One of the consequences is $2x \le 3$ which is not of
the correct form. But we can always simplify such constraints to have unit coefficients,
in this case $x \le 1$. Moreover this is the only way in which tightening is possible.

For each pair of variables $x, y$ there are at most four possible non quasi-syntactic
redundant constraints: $\{x + y \le d_1,\ x - y \le d_2,\ -x + y \le d_3,\ -x - y \le d_4\}$. Hence the
maximum number of (non-redundant) constraints that can be produced by closure under
transitivity and tightening for a system including $n$ variables is $2n^2$. Quasi-syntactic
redundancy elimination is very simple, it just requires maintaining the minimal $d$ for
each of the above constraint forms. This, together with the fact that no tightened
constraints can create further tightened constraints, gives a polynomial time bound on
the algorithm.

Given a new constraint $ax + by \le d$ and a tightened, transitively closed set of
constraints $C$, there are at most $2n$ constraints in $C$ involving $-ax$ and $2n$ constraints
involving $-by$. Thus the cost of transitive closure is $O(n^2)$. Tightening will introduce
at most $2n$ constraints, all of which are bounds. Further transitive closure will produce
only more bounds, and at most $2n$ of them for each initial bound. Thus tightening
and further closure also has cost $O(n^2)$. Hence the cost of producing a new tightened
and transitively closed set of constraints is $O(n^2)$. It follows that the cost of testing
the satisfiability of $N$ unit TVPI constraints with our algorithm is $O(N^3)$ in time and
$O(N^2)$ in space.

The key result relating unit TVPI constraints to transitive closure and tightening
is as follows:

Theorem 1 Let $C$ be a set of unit TVPI constraints that is closed under transitivity
and tightening. Let $C|_{-x}$ denote the conjunction of constraints in $C$ that do not contain
$x$. Then $\exists x\, C \leftrightarrow C|_{-x}$. □

The proof follows the proof of the corresponding result for (arbitrary) inequalities over
the reals, with only minor modifications. It extends to general TVPI constraints only
to the extent that all occurrences of the eliminated variable have only unit coefficients.
Given the above result it is easy to show that:

Theorem 2 Let $C$ be a set of unit TVPI constraints that is closed under transitivity
and tightening. Then $C$ is satisfiable iff it does not contain a constraint of the form
$0 \le d$ where $d < 0$. □

This demonstrates the completeness of our algorithm. Note that propagation-based
methods are not complete for unit TVPI constraints, even for finite domain problems.
Consider the following sample:

$$
\begin{array}{rcl}
x - y & \le & 2 \\
x + y & \le & 1 \\
-x + z & \le & -2 \\
-x - z & \le & -1 \\
-20 \le x, y, z & \le & 20
\end{array}
$$

Bounds propagation simply determines that the variables lie in the following ranges:
$-17 \le x \le 20$, $-19 \le y, z \le 18$. In fact there is no solution: the first two constraints
imply $2x \le 3$ and hence $x \le 1$; the second two constraints imply $2x \ge 3$ and hence
$x \ge 2$. Our approach discovers the unsatisfiability essentially by following the above
argument.
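
The sample system above, run through bounds propagation and through closure under transitivity and tightening, as an added Python example (not the authors' implementation). It assumes unit coefficients only and uses a worklist saturation in place of the incremental closure formula; `UnitTVPIStore`, `normalize`, `propagate_bounds` and `closure_satisfiable` are hypothetical names.

```python
from collections import deque

class Unsat(Exception):
    """The closure contains 0 <= d with d < 0."""

def normalize(coefs, d):
    """Canonical key for sum(coef*var) <= d; tightens 2x <= d to x <= floor(d/2)."""
    coefs = {v: a for v, a in coefs.items() if a != 0}
    if any(abs(a) == 2 for a in coefs.values()):
        # Adding two unit constraints yields +-2 only as a lone term.
        coefs = {v: a // 2 for v, a in coefs.items()}
        d //= 2                      # floor division: -3 // 2 == -2
    return tuple(sorted(coefs.items())), d

class UnitTVPIStore:
    """Unit TVPI constraints kept closed under transitivity and tightening."""

    def __init__(self):
        self.best = {}               # key -> smallest right-hand side d seen

    def add(self, coefs, d):
        """Add sum(coef*var) <= d, coefs in {-1, 1}; raise Unsat on contradiction."""
        work = deque([normalize(coefs, d)])
        while work:
            key, d = work.popleft()
            if not key:              # constant constraint 0 <= d
                if d < 0:
                    raise Unsat(f"derived 0 <= {d}")
                continue
            if self.best.get(key, d + 1) <= d:
                continue             # quasi-syntactic redundant
            self.best[key] = d
            for other, d2 in list(self.best.items()):
                # Transitivity: some variable occurs with opposite signs.
                if any((v, -a) in other for v, a in key):
                    total = dict(key)
                    for v, a in other:
                        total[v] = total.get(v, 0) + a
                    work.append(normalize(total, d + d2))

    def upper(self, var, sign=1):
        """Smallest d with sign*var <= d in the store, or None if absent."""
        return self.best.get(((var, sign),))

def propagate_bounds(constraints, lo, hi):
    """Interval propagation to a fixpoint; {var: (lo, hi)}, or None if empty."""
    lo, hi = dict(lo), dict(hi)
    changed = True
    while changed:
        changed = False
        for coefs, d in constraints:
            for v, a in coefs.items():
                # Smallest value the other terms can take under current bounds.
                rest = sum(b * (lo[w] if b > 0 else hi[w])
                           for w, b in coefs.items() if w != v)
                if a > 0 and d - rest < hi[v]:
                    hi[v], changed = d - rest, True
                elif a < 0 and rest - d > lo[v]:
                    lo[v], changed = rest - d, True
        if any(lo[v] > hi[v] for v in lo):
            return None
    return {v: (lo[v], hi[v]) for v in lo}

def closure_satisfiable(constraints):
    """True iff closure under transitivity and tightening finds no contradiction."""
    store = UnitTVPIStore()
    try:
        for coefs, d in constraints:
            store.add(coefs, d)
    except Unsat:
        return False
    return True

# The sample system from the text, entered here as data (domains -20..20).
SAMPLE = [({"x": 1, "y": -1}, 2), ({"x": 1, "y": 1}, 1),
          ({"x": -1, "z": 1}, -2), ({"x": -1, "z": -1}, -1)]

if __name__ == "__main__":
    lo, hi = {v: -20 for v in "xyz"}, {v: 20 for v in "xyz"}
    print("bounds propagation:", propagate_bounds(SAMPLE, lo, hi))
    print("closure says satisfiable:", closure_satisfiable(SAMPLE))
```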

Recently we have learned of a related approach [8] to testing the satisfiability of
general integer constraints which is based on extending Fourier’s algorithm for the
reals (see, for example, [10]) to integers. The relationship between this approach and
our algorithm is quite close, since transitive closure can be thought of as a cumulative
form of Fourier’s algorithm with redundancy elimination. The algorithm of [8] is not
suitable for a CLP solver since it is not incremental. However the work may be a useful
basis for extending our TVPI algorithm.

We can expect to improve the efficiency of the approach by treating equations, for
example $x + y = 3$, directly rather than as two inequalities $x + y \le 3$, $-x - y \le -3$.
Any unit TVPI equation can be used as a substitution to eliminate one of its variables,
for example $x + y = 3$ can be used to replace each occurrence of $x$ by $-y + 3$. Note
that applying such a substitution to a unit TVPI constraint either maintains the unit
TVPI form or creates a constraint of the form $2y \le k$ which can be simplified to a unit
TVPI constraint (possibly with tightening).

To maintain the transitive closure the approach above is modified to treat an equation
$x = t$ as follows: add both the inequalities, $x \le t$, $x \ge t$, and close under transitivity
and tightening, then remove inequalities involving $x$. The equations are maintained
separately in Gauss-Jordan normal form and they are applied as substitutions to constraints
that are added later. Note that we need to fail if we detect equations (after
substitution) of the form $2x = k$ where $k$ is odd, and to simplify if we detect equations
of the form $2x = k$, where $k$ is even.

Given we are keeping the equations in a separate tableau it seems worthwhile to
extract implicit equations from the inequalities. When we detect a transitive
consequence of the form 0 ≤ 0 this signals that the inequalities which produced it are
implicit equations. By marking these and waiting till the closure process terminates
we can extract the (marked) implicit equations, place them in the equation tableau
and simply remove the inequalities that involve a substituted variable.

It is easy to extend this approach to perform other operations of interest. Let the
active store denote the current set of TVPI constraints in the computation, closed under
transitivity and tightening. Any groundness information that is a consequence of the
active store will appear in the equation tableau (perhaps through implicit equations).
Constraint entailment can be simply determined because of the following result:

Theorem 3 Let c be a unit TVPI constraint and let C be a satisfiable set of unit TVPI
constraints that is closed under transitivity and tightening. Then C → c iff either c is a
tautology, c is implied by the SVPI constraints of C, or c is quasi-syntactic redundant
with respect to a constraint in C. □

Hence  to  determine  whether  a  unit  TVPI  constraint  is  entailed  by  the  active  store 
we  simply  check  if  it  is  quasi-syntactically  redundant  or  implied  by  bounds  (after 
substitution).  It  is  straightforward  to  make  this  check  incremental.  Projecting  out  a 
variable  is  straightforward:  if  the  variable  appears  in  an  equation  this  can  be  rewritten 
to  eliminate  the  variable,  otherwise  all  inequalities  involving  the  variable  can  simply 
be  removed  (c.f.  Theorem  1). 

Using the result of Theorem 3 we can determine unit TVPI consequences of the
disjunction of two tightened transitively closed unit TVPI constraint sets C1 and C2,
as follows. For each inequality form ax + by ≤ ..., let ax ≤ <^ ∈ Ci, by ≤ dj' ∈ Ci, and
ax + by ≤ di ∈ Ci, for i = 1, 2. Then ax + by ≤ d is a consequence of C1 ∨ C2, where
d = max{min{di, d^ -4- if a, b ≠ 0 and d = max{d1, d2} otherwise.

The set of such constraints describes the smallest unit TVPI polyhedron that contains
both C1 and C2. Extending this procedure to handle separate equations is reasonably
straightforward. This procedure can be the basis of constructive disjunction in this
constraint domain.

3.3  The  Solver  in  a  General  Setting 

In the context of a CLP system we want to handle a larger class of constraints than just
unit TVPI constraints. For non-unit TVPI constraints we can use propagation-based
methods to extract SVPI information in exactly the same way as finite domain solvers.
Note that the bounds on variables are available in the unit TVPI inequalities. Applying
propagation to unit TVPI constraints is unnecessary as they are completely handled
already. We can use the equation tableau to simplify non-unit TVPI constraints by
substitution. The resulting constraints (possibly after tightening) may be unit TVPI
constraints. For example, applying the substitution y = z + 1 to 5x + 3y + 2z ≤ 7
results in 5x + 5z ≤ 4 and thus x + z ≤ 0.

An alternative is to apply the (incomplete) method of section 3.1 to all TVPI
constraints. Non-TVPI constraints would be treated by propagation methods, as above.
This would provide a more powerful, but more expensive, integer solver. The choice
between these alternatives can only be made after experimental evaluation.

4  Conclusion 

Unit TVPI constraints are sufficiently expressive for many problems: for example in
scheduling and temporal reasoning. We give an algorithm for incremental satisfiability
of unit TVPI constraints. Not only is this algorithm efficiently implementable, it
also supports efficient implementation of entailment detection, including entailment of
disjunctive constraints, and projection. Finally, for use in a CLP system, constraints
more general than unit TVPI must be handled, though not necessarily in a complete
way. Our algorithm naturally extends to (non-unit) TVPI constraints, and it can be
augmented with a bounds-propagation technique for constraints more general than
TVPI. An implementation of the solver is underway as part of the development of
CLP(R) [7].
QUAD-CLP(R):

ADDING THE POWER OF QUADRATIC CONSTRAINTS
GILLES PESANT* AND MICHEL BOYER*

Abstract. We report on a new way of handling non-linear arithmetic constraints and its
implementation into the QUAD-CLP(R) language. Important properties of the problem at hand are a
discretization through geometric equivalence classes and decomposition into convex pieces. A case
analysis of those equivalence classes leads to a relaxation (and sometimes recasting) of the original
constraints into linear constraints, much easier to handle. Complementing earlier expositions in [18]
and [17], the present focus is on applications upholding its worth.

1. Motivation. This paper presents the constraint programming language
QUAD-CLP(R) which offers a powerful novel solving strategy for non-linear arithmetic
constraints under the computing paradigm of logic programming. Emphasis
will be given here to the techniques involved in the constraint solver for quadratic
constraints over R and to applications making use of this added power.

Despite  the  enormous  potential  of  non-linear  arithmetic  constraints  in  several 
spheres  of  scientific  activity,  typical  efforts  to  provide  for  them  amidst  constraint 
languages  have  brought  mostly  disappointments  as  the  resulting  solvers  either  lacked 
effectiveness  or  scalability. 

The delay strategy implemented in languages such as CLP(R) [10] and PROLOG III [1]
yields an incomplete solver which will be effective only if the problem
under attack is such that reasoning about linear constraints ultimately becomes
sufficient. Unfortunately, this is seldom the case for interesting problems, even very simple
ones. One classic example is the multiplication of complex numbers, which can be
expressed as cmult((R1,I1),(R2,I2),(R1*R2-I1*I2,R1*I2+R2*I1)) in predicate
calculus. Among interesting queries, “cmult((R,I),(R,I),(-1,0)).” requires
reasoning about non-linear system -R*I = R*I, I*I - 1 = R*R.

QUAD-CLP(R) can easily handle this, giving the answer:

    I = 1
    R = 0

    *** Retry? y

    I = -1
    R = 0

    *** Retry? y

    *** No

On the other hand, languages like CAL [20] and RISC-CLP(Real) [7] bear witness
that the price to pay to achieve a complete solver seems to be the use of costly
computational algebra techniques which confine their usefulness to very small (albeit
interesting) problems.

Our approach, introduced in [18], takes advantage of the ease with which quadratic
constraints can be replaced or approximated by linear constraints. It is therefore
especially well-suited to problems involving quadratic and linear constraints. There
is nevertheless the possibility of handling general arithmetic constraints by breaking
them down into quadratic components through the introduction of auxiliary variables
(we address this further in §5).

* Département d'informatique et de recherche opérationnelle, University of Montreal, C.P. 6128
Succ. Centre-ville, Montreal, Canada, H3C 3J7 ({pesant,boyer}@iro.umontreal.ca).

Fig. 1. The constraint solver

Even a restriction to quadratic constraints still provides a rich and expressive
extension to the domain brought about by linear constraints. Many problems and
solutions in CAD/CAM, spatial databases, motion planning and graphics are
naturally expressed through them [2][11][4][3]. They have also been used in seemingly
unrelated domains such as molecular biology [14], automobile transmission design [15]
and electrical engineering [5].

The rest of the paper is organized as follows. The next section outlines the steps
involved in the quadratic solver of QUAD-CLP(R). Some features of the language
and system are described in §3. A large part of the paper is devoted to applications
in Solid Modeling and Combinatorial Search problems, described and analyzed in §4.
Some relations to other work are established in §5.

2.  The  Quadratic  Solver.  The  aim  of  this  section  is  to  acquaint  the  reader 
with  the  steps  taken  by  the  quadratic  solver  of  QUAD-CLP(R)  .  Details  and  proofs 
of  the  algorithms  involved  can  be  found  in  [17]. 

Figure 1 illustrates some of the interactions between the quadratic and linear
solvers. The latter should be considered here a black box relying on incremental
versions of Gaussian elimination and of phase I of the Two-Phase-Simplex method.
Upon encountering a constraint in the course of the computation, we first classify it
as either linear or quadratic according to its syntax, by considering the number of
bound variables in each monomial¹. In the former case, it is directly fed to a solver
for linear constraints. In the latter, it goes through the process summarized below:

Step 1: Discretize. Quadratic arithmetic constraints offer a natural geometric
interpretation which leads to a small number of equivalence classes. For example, the
constraint -l- -I- ||zy — |y + |z < —19 belongs to the class parabola whose
canonical representative is the algebraic equation of the corresponding locus in
standard position, fr (in this case, parameters a and b would both have a value of 1).
Those geometric equivalence classes allow us to achieve a discretization of the
problem. This first step identifies the geometric equivalence class to which the quadratic
constraint belongs, producing the canonical representative and a transformation
matrix (whose geometric interpretation is the translation and rotations needed to bring
the locus to standard position). The computation amounts to the diagonalization of
a real symmetric matrix.

¹ For simplicity, we do not discuss here the case of monomials whose degree is ≥ 3. The
corresponding constraints could be broken into quadratic pieces, as mentioned previously, or just delayed.

Step 2: Simplify. For several of the possible pairs (canonical representative,
relational symbol), the constraint can be immediately decided or replaced by an
equivalent Boolean combination of linear constraints.

Examples

• The geometric equivalence class of −481x² + 216xy − 544y² + 3946x + 3272y >
37685 is imaginary ellipse. The pair ( — ^ — 1 > ^ (0) ) reveals that the
constraint is trivially false.

• Constraint x² − 4xy + 6xz − 8xw + 4y² − 12yz + 16yw + 9z² − 24zw + 16w² − 25 = 0
is classified as two points, leading to the simplification (x − 2y + 3z − 4w =
5) ∨ (x − 2y + 3z − 4w = −5). The unexpected feature of this example is that a
constraint on four variables falls into a geometric equivalence class seemingly
reserved to constraints on one variable. This degenerate case is best viewed
through substitution v = x − 2y + 3z − 4w, yielding v² − 25 = 0. In this form,
it becomes less surprising that its class should be two points (v = ±5). Note
that step 1 described above does not look for such simplifying substitutions
but nevertheless produces equivalent results.
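
The class names and the two simplifications above can be checked on the constraints quoted in this paper. The following Python code is an added example, not the QUAD-CLP(R) implementation: it names the class from the signs of exact congruence pivots (Sylvester's law of inertia) rather than from the orthogonal diagonalization the paper describes, so it yields the class but not the transformation matrix. All function names are hypothetical, only classes named in the paper are recognised, and the real-ellipse input is the answer constraint quoted in §3.2.

```python
from fractions import Fraction
from math import sqrt


def inertia(rows):
    """Count (positive, negative) pivots of a symmetric matrix by exact congruence."""
    m = [[Fraction(x) for x in row] for row in rows]
    n, pos, neg = len(m), 0, 0
    for k in range(n):
        piv = next((i for i in range(k, n) if m[i][i] != 0), None)
        if piv is None:              # zero diagonal left: build a pivot from an off-diagonal
            pair = next(((i, j) for i in range(k, n) for j in range(i + 1, n)
                         if m[i][j] != 0), None)
            if pair is None:
                break                # the remaining block is zero
            piv, j = pair
            for t in range(n):
                m[piv][t] += m[j][t]
            for t in range(n):
                m[t][piv] += m[t][j]
        m[k], m[piv] = m[piv], m[k]  # symmetric swap: rows, then columns
        for row in m:
            row[k], row[piv] = row[piv], row[k]
        d = m[k][k]
        pos, neg = pos + (d > 0), neg + (d < 0)
        for i in range(k + 1, n):    # clear row and column k outside the pivot
            f = m[i][k] / d
            for t in range(n):
                m[i][t] -= f * m[k][t]
            for t in range(n):
                m[t][i] -= f * m[t][k]
    return pos, neg


def matrices(quad, lin, const):
    """A is the quadratic part of p(v) = v'Av + lin.v + const; M is A bordered by lin/2, const."""
    n = len(lin)
    A = [[Fraction(0)] * n for _ in range(n)]
    for (i, j), coef in quad.items():
        A[i][j] += Fraction(coef) / 2
        A[j][i] += Fraction(coef) / 2    # when i == j the entry receives the full coefficient
    half = [Fraction(b) / 2 for b in lin]
    M = [A[i] + [half[i]] for i in range(n)] + [half + [Fraction(const)]]
    return A, M


def classify(quad, lin, const):
    """Name the geometric equivalence class of p(v) = 0 (classes named in the paper only)."""
    A, M = matrices(quad, lin, const)
    (p, q), (P, Q) = inertia(A), inertia(M)
    r, R = p + q, P + Q
    if r == 1 and R == 3:
        return "parabola"
    if R == r + 1:                       # after translation: squares plus a non-zero constant k
        opposite = (p > 0) != (P == p + 1)   # sign of the squares differs from the sign of k
        if r == 1:
            return "two points" if opposite else "other"
        if r == 2 and 0 in (p, q):
            return "real ellipse" if opposite else "imaginary ellipse"
    return "other"


def decide(quad, lin, const, rel):
    """Step 2 for an imaginary ellipse: p never changes sign, so 'p rel 0' is constant."""
    if classify(quad, lin, const) != "imaginary ellipse":
        return None
    positive = const > 0                 # the sign of p everywhere is its sign at the origin
    return {">": positive, ">=": positive, "<": not positive, "<=": not positive, "=": False}[rel]


def split_two_points(quad, lin, const):
    """Step 2 for 'two points': p = 0 iff w.v = t1 or w.v = t2; returns (w, [t1, t2])."""
    A, _ = matrices(quad, lin, const)
    i = next(i for i in range(len(lin)) if A[i][i] != 0)
    a, w = A[i][i], A[i]                 # rank one: v'Av = (w.v)^2 / a
    beta = Fraction(lin[i]) / a          # the linear part equals beta * (w.v)
    root = sqrt(beta * beta - 4 * Fraction(const) / a)
    return w, sorted(float(a) * (s * root - float(beta)) / 2 for s in (-1, 1))


# Constraints quoted in the paper, written as p(v) rel 0; variables are indexed x=0, y=1, z=2, w=3.
ELLIPSE = ({(0, 0): 481, (0, 1): -216, (1, 1): 544}, [-3946, -3272], 6409)
IMAGINARY = ({(0, 0): -481, (0, 1): 216, (1, 1): -544}, [3946, 3272], -37685)
TWO_POINTS = ({(0, 0): 1, (0, 1): -4, (0, 2): 6, (0, 3): -8, (1, 1): 4, (1, 2): -12,
               (1, 3): 16, (2, 2): 9, (2, 3): -24, (3, 3): 16}, [0, 0, 0, 0], -25)
PARABOLA = ({(0, 0): 1}, [0, -1], 0)     # the canonical representative x^2 - y

if __name__ == "__main__":
    for name, p in [("ellipse", ELLIPSE), ("imaginary", IMAGINARY), ("4 vars", TWO_POINTS)]:
        print(name, "->", classify(*p))
```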

Step 2(bis): Approximate. For each remaining pair (canonical representative,
relational symbol), a sound approximation made up of linear constraints is computed.
The strategy leading to the efficient and accurate production of linear approximations
considers a Boolean combination of convex constraints in place of the original
constraint (note that it may already be convex). The convex pieces are approximated
and the results recombined. That Boolean combination may be equivalent to the
initial constraint, in which case it will be termed a convex expression, or constitute
a relaxation of it and will then be called convex approximation. In both cases the
resulting combination of linear constraints constitutes an approximation.

Bringing back the example of step 1, the pair ( x² − y , < ) indicates a constraint
which is already convex and for which we can compute a linear approximation such as:

    0 < y ∧
    2.36522x < y + 1.39857 ∧
    −1.39857 < y + 2.36522x ∧
    0.662911x < y + 0.109863 ∧
    −0.109863 < y + 0.662911x ∧


Step 3: Realize. Map the simplification or approximation for the canonical
representative to a simplification or approximation for the original constraint. This
is achieved by “multiplying” each linear constraint in the Boolean combination by
the transformation matrix. The result of step 3 is in turn sent to the linear solver to
decide upon the new collection of constraints. If it was an approximation, the original
quadratic constraint is also kept (delayed).

The resulting solver is not a complete solver since it partly relies on approximations.
It nevertheless exhibits much less incompleteness than one which unilaterally
sets aside non-linear constraints. Some of this incompleteness can actually be driven
back by choosing an appropriate size for the approximations, as will be seen in the
next section. Note that from a logic programming perspective, the nature of the
approximations generated ensures the soundness of the inference.

3.  Features  of  the  System.  QUAD-CLP(R)  is  built  on  top  of  the  CLP(R) 
system,  which  allowed  us  to  concentrate  on  the  non-linear  component  of  the  solver. 
It  was  written  in  C  to  facilitate  its  integration  with  the  host  system  whose  source 
code  is  available  and  also  written  in  C.  We  discuss  some  of  the  additional  features 
provided. 

3.1. ∧,∨-bounds. Recall that in most cases, from a quadratic constraint is
extracted a Boolean combination of linear constraints which is sent to the linear solver.
It proves convenient to write that Boolean combination in disjunctive normal form:

    ⋁_{i=1}^{n} ⋀_{j=1}^{m} c_{ij}

Each disjunct will give rise to a solver choice point. There are cases where n can
be quite large. One may therefore wish to specify an upper bound on n in an effort
to control the non-deterministic behavior. QUAD-CLP(R) provides the user with a
parameter, the ∨-bound, which has the desired effect. A Boolean combination whose
disjunctive normal form exceeds that bound will not be sent to the linear solver. Note
that setting it to 1 yields a deterministic solver.

The ∧-bound specifies the desired size of an approximation to a convex constraint.
Such a name was chosen because it often corresponds to an upper bound on m. A
default value of 4 has been found adequate experimentally for a first exploration;
refined approximations can always be tried subsequently. For example, the following
(unsolvable) system of inequalities,

                    < 1
                    < 1
      x + y + z + w > 3

required approximations of size 7 to decide that there was no solution.

3.2. Output. The simplification of the constraint set may be desirable for
efficiency reasons, since it reduces its size, but also to ease the understanding of the
result by the user, when the answer takes the form of a collection of constraints. Much
research has been devoted for example to quantifier elimination in the special case
of an existentially quantified conjunction of linear constraints, in an effort to express
the output in terms of query variables only [13][8][12][9][7]. We discuss here another
aspect of simplification brought about by non-linear constraints.

Seemingly very different answers such as 481x² − 216xy + 544y² − 3946x − 3272y +
6409 = 0 and 16x² + 25y² − 400 = 0 express a quite similar relationship between the
variables (valid pairs (x, y) lie on an ellipse), which is captured by the concept of
geometric equivalence classes. An answer like the first one can be complemented by:

    real ellipse: foci at (7.4, 5.8), (2.6, 2.2); principal axis of length 10

Such information thus allows one to deepen the understanding of the relationship
between the variables of a solution or may help to determine its solvability if no
conclusion was reached.

Redundancy in the solution is also an issue of simplification. Let us mention that
the detection of a redundant linear inequality with respect to a quadratic constraint
can in some cases be reduced to the efficient computation of a supporting
hyperplane. Some heuristics can also be applied for redundancy detection between pairs of
quadratic constraints [18].

4. Examples. In this section we describe two applications which demonstrate
the expressiveness and efficiency of QUAD-CLP(R).

4.1. Solid Modeling. We consider the Point/Solid Classification and Solid
Intersection problems in constructive solid geometry (CSG). In such a representation
scheme, a solid is built by combining primitive solids, using regularized Boolean
operations and rigid motions (translation and rotations) [6]. These primitive solids are
usually chosen among the parallelepiped, triangular prism, sphere, cylinder, cone and
torus. The regularized Boolean operations are ∪*, ∩* and −*, differing from the
set-theoretic operations in that the result is the closure of the operation on the interior of
the solids. A solid can be represented as a tree whose leaves are primitive solids and
whose internal nodes are the operations on them (an example is given in figure 2).

With the exception of the torus, every primitive solid has an implicit form
expressed in terms of quadratic and linear arithmetic inequalities. This makes it
particularly attractive to our language. For simplicity, we shall drop the regularization of
the Boolean operations: in some applications, this is even desirable. Constraint logic
programming allows for an elegant and concise solution to the Point/Solid
Classification problem, which consists of deciding if a point lies inside a solid. The first half of
this solution follows:

    %% inside(Point, Solid): Point lies inside Solid.
    inside(Point, solid(and(S1,S2))) :-
        inside(Point, solid(S1)),
        inside(Point, solid(S2)).
    inside(Point, solid(or(S1,S2))) :-
        inside(Point, solid(S1));
        inside(Point, solid(S2)).
    inside(Point, solid(minus(S1,S2))) :-
        inside(Point, solid(S1)),
        outside(Point, solid(S2)).

Our solution also has the advantage of replacing the need to specify rotations and
translations to “move” the solid into place by directly giving its position in terms of
natural parameters. For example, solid(cylinder((1,1,1),(3,4,2),5)) defines a
cylinder of radius 5 whose axis extends from (1, 1, 1) to (3, 4, 2). Additional rules must
be written for each of the primitives and we give one of them below:

    %% point (X,Y,Z) lies inside primitive solid "cylinder".
    inside((X,Y,Z), solid(cylinder((X0,Y0,Z0),(X1,Y1,Z1),R))) :-
        % orientation of symmetry axis
        Vx = X1-X0, Vy = Y1-Y0, Vz = Z1-Z0,
        % point (Xp,Yp,Zp) is on the axis of symmetry, ...
        Xp = Vx*T + X0,
        Yp = Vy*T + Y0,
        Zp = Vz*T + Z0,
        % ... inside the cylinder ...
        T >= 0, T <= 1,
        % ... and on the plane which contains (X,Y,Z) ...
        % ... and is orthogonal to the axis.
        Vx*(X-Xp) + Vy*(Y-Yp) + Vz*(Z-Zp) = 0,
        % constrain the cylinder
        (X-Xp)*(X-Xp) + (Y-Yp)*(Y-Yp) + (Z-Zp)*(Z-Zp) <= R*R.

Solid Intersection problems arise not only when we want to avoid overlapping
objects but also when we wish to eliminate redundancies in the representation of
a solid. A common approach is to verify a criterion for non-intersection obtained
by approximating the shape of the solid, usually through “box approximations” (see
figure 3). If the approximations do not intersect then certainly neither do the solids.
A simple extension to the above provides a solution:

    %% solids S1 and S2 intersect.
    intersect(S1,S2) :-
        inside(Point, S1),
        inside(Point, S2).

The above solution, applied to the Point/Solid Classification problem, worked in a
satisfactory manner given a suitable linear solver (non-linearities vanished as enough
variables were fixed). The present problem on the other hand retains non-linear
constraints. Here the strength of QUAD-CLP(R) is to provide for free a behavior
conceptually similar to “box approximations” but with potentially much closer
approximations.

Fig. 3. Box approximation of a cone.

Fig. 4. A Solid Intersection problem.

In fact, it generates approximations with “holes” if need be. For example in the
following instance, illustrated in figure 4, the conventional approach would have failed
to detect the non-intersection, whereas with QUAD-CLP(R):

    ?- Bead = solid(minus(sphere(0,0,0,4),
                          cylinder((-4,-4,-4),(4,4,4),2))),
       Needle = solid(cone((7,6,6),(-6,-5,-5),1)),
       intersect(Needle, Bead).

    *** No

4.2. Combinatorial Search. We examine next a combinatorial search problem
involving Euclidean distances and thus quadratic constraints. Instances of
respectable size can be solved in a reasonable amount of time through a simple
QUAD-CLP(R) program.

Graph Geometric Embedding: Given a graph G(V, ℰ), a label ℓ(e) ∈ Z⁺
for each e ∈ ℰ and a set P of points in E², is there a mapping f : V → E²
such that P ⊆ codom(f) and ∀(v, v') ∈ ℰ, d(f(v), f(v')) ≤ ℓ((v, v')) (where
d : E² × E² → R is the Euclidean metric)?

Intuitively, we are asked to cover certain points in E² with vertices of a labeled
graph without “breaking” an edge. When |V| = |P|, a simple generate-and-test
approach will solve the problem, although through considering all |V|! possible pairings.
The test-and-generate paradigm associated with constraint programming may
accelerate our inspection by pruning the search tree. If |V| > |P|, generating candidate
solutions by associating a different vertex with each point in P will leave some vertices
“free”. Testing those candidates thus requires reasoning about quadratic constraints.

Fig. 5. The 10;6 instance.

P = {(0, 0), (10, 0), (4, 7), (4, 0), (4, 4), (7, 3)},

V = {v1, v2, v3, v4, v5, v6, v7, v8, v9, v10},

ℓ((v1, v2)) = 3, ℓ((v1, v6)) = 5, ℓ((v2, v3)) = 1, ℓ((v2, v7)) = 5, ℓ((v3, v4)) = 3,
ℓ((v3, v6)) = 3, ℓ((v4, v5)) = 3, ℓ((v4, v7)) = 3, ℓ((v4, v8)) = 5, ℓ((v5, v9)) = 5,
ℓ((v6, v7)) = 3, ℓ((v6, v8)) = 1, ℓ((v7, v9)) = 1, ℓ((v7, v10)) = 5, ℓ((v8, v9)) = 3,
ℓ((v8, v10)) = 3.

The statistics in table 1 were obtained from a straightforward program
implementing the test-and-generate algorithm: state all the distance constraints implicit in
the graph, assign vertices to points in P, output candidate solutions. The tests were
run on a SUN SPARCstation 10/42. The problem on 10 vertices was generated by
hand (the 10;6 instance and its unique solution appear in figure 5). As for the rest,
the graphs were randomly generated with an edge-occurrence probability of about
0.4. Points in P were distributed on a square grid and the labels ranged from 1 to
the length of the diagonal of the grid.

The  first  three  instances  were  run  on  both  the  QUAD-CLP(R)  and  CLP(R) 
systems,  in  order  to  compare  the  performance  of  the  quadratic  solver  with  that  of  the 
delay  strategy  implemented  by  the  latter.  Important  speed-ups  were  always  observed 
mainly  because  of  the  difference  in  the  number  of  nodes  which  were  expanded  in  the 
search  tree,  reflecting  the  amount  of  pruning  that  took  place.  A  notable  difference 
between  the  results  for  the  10;  10  and  10;  6  instances  is  the  number  of  candidate 
solutions  found  by  CLP(R).  These  instances  share  the  graph  and  six  points  of  P: 
the  first  one  includes  four  more  points  so  that  |V|  =  |P|.  Consequently  in  the  10;  10 
instance,  a  basic  pairing  procedure  guarantees  that  we  will  find  all  and  only  solutions 
to  the  problem,  regardless  of  the  strategy  used  to  handle  non-linear  constraints,  since 
the  distance  constraints  will  eventually  become  ground.  However  the  10;  6  instance 
brings  forth  the  incompleteness  of  a  solver  as  some  of  the  constraints  may  never 
become  ground  (or  even  linear)  during  the  search.  Thus  we  obtain  a  set  of  72  possible 
solutions. 

Larger instances (30 and 50 vertices, about 180 and 500 quadratic constraints
respectively) were solved on QUAD-CLP(R) only as the 20;8 instance was already
overwhelming for the delay strategy. Despite the surprisingly slight increase in the
number of nodes expanded as the problems gain in size, the time taken grows by
several orders of magnitude. This should be attributed to the growing system of
inequalities that the linear solver has to deal with. For example the largest instance,
given a conservative ∧-bound of 4 (which is what was used in every instance), spawns
a dynamically changing system of around 2000 linear inequalities in 100 variables. As
the linear solver relies on a Simplex algorithm, basic feasible solutions must constantly
be found at the cost of pivoting operations.

Table 1. Performance statistics for the Graph Geometric Embedding problem.

instance  language      time (sec)   nodes expanded  # solutions
10;10     QUAD-CLP(R)         0.52               38            1
          CLP(R)              4.94             1674            1
10;6      QUAD-CLP(R)         0.54               36            1
          CLP(R)              3.95             1314           72
20;8      QUAD-CLP(R)        13.75               35            1
          CLP(R)       [illegible]       >2 411 229     >987 546
30;10     QUAD-CLP(R)       276.54               49            0
50;5      QUAD-CLP(R)     2 727.41               51            0

The most accurate rendition of the improvements brought by the approach
described in the paper must be found in the pruning of the search tree and the number
of candidate solutions offered.

5. Related Work. As was noted in §1, computational algebra techniques,
currently still very expensive, nevertheless yield a complete solver through a uniform
treatment of polynomial constraints. It is not clear how well the approach described
in this paper, whose motivation was to solve quadratic constraints, can perform on
arbitrary polynomial constraints. The introduction of auxiliary variables fragments
the original constraints; separately considering (and most likely approximating) each
piece may yield weaker results. Since in general a constraint will admit several possible
fragmentations, choosing the best one is an interesting problem in its own right.

As an illustration, consider the following system of non-linear inequalities,
borrowed from [7]:

    s > 0
    s⁴ − 0.029901s³ − 247.971s² + 396.01s − 245.03 > 0
    s⁴ − 2.01005s³ − 247.246s² + 400s − 248.246 < 0

Use of a computer algebra package reveals that s lies somewhere in [14.93, 15.98].
One possible fragmentation,

    t = s²
    s > 0
    t² − 0.029901st − 247.971s² + 396.01s − 245.03 > 0
    t² − 2.01005st − 247.246s² + 400s − 248.246 < 0,

run on QUAD-CLP(R), constrains s to the slightly larger interval [4.61, 16.62] whereas

    tᵢ = s², i = 1...8
    s > 0
    t₁t₂ − 0.029901st₃ − 247.971t₄ + 396.01s − 245.03 > 0
    t₅t₆ − 2.01005st₇ − 247.246t₈ + 400s − 248.246 < 0,

offers a vastly different result, namely ]0.00, ∞[.

An  even  more  uniform  treatment  of  constraints  is  that  provided  by  the  language 
CLP(BNR)  [16].  Here  relational  interval  arithmetic  is  applied  to  reals,  integers  and 
booleans  alike.  A  parallel  can  be  drawn  with  our  approach  since  interval  arithmetic 
is  a  form  of  approximation.  Their  approach  to  constraint  solving  is  nevertheless  quite 
different  as  it  is  based  on  the  local  propagation  of  bounds  on  the  value  of  the  variables 
through  a  constraint  network. 

We  say  a  few  more  words  on  those  approximations.  In  the  context  of  quadratic 
constraints,  they  represent  a  special  case  of  ours.  Each  bound  of  an  interval  can  be 
viewed  as  a  linear  inequality.  The  size  of  such  an  approximation  for  a  constraint 
is  consequently  determined  by  the  number  of  variables  appearing  in  it  (4  with  2 
variables;  6  with  3  variables;  . . . )  and  the  approximation  itself  is  isothetic  (aligned 
with  the  coordinate  axes).  The  result  is  comparable  to  the  “box  approximations”  of 
§4.1.  It  may  be  sufficient  in  some  cases  but  is  certainly  less  powerful  in  general  (recall 
for  example  figure  4). 

6. Conclusion. This report presented a new way of handling non-linear arithmetic
constraints and its implementation into the QUAD-CLP(R) language. Important
properties of the problem at hand were discretization through geometric
equivalence classes and decomposition into convex pieces. A case analysis of those
equivalence classes led to a relaxation (and sometimes recasting) of the original
constraints into linear constraints, much easier to handle. Applications in Solid Modeling
and Combinatorial Search showed both the expressiveness and the efficiency of such
a tool within a constraint language.

The latter application revealed a need for more efficient linear solvers when
confronted with large systems of inequalities. It proved to be a bottleneck for the speed of
the quadratic solver. One must therefore be careful when considering constraints as
language primitives; the apparently simple addition or deletion of a constraint may
hide a considerable cost in problems involving a large number of constraints.

Abstract

In this paper, we discuss CLP(S) which combines logic programming with constraint solving over
strings and show how CLP(S) can be used naturally in several applications ranging from natural language
processing, to encoding of genetic operators and DNA grammar rules, to scene analysis in iconic image
processing.

Several applications in artificial intelligence require that one deal with information which is not as precisely
encodable as required by logic-based systems. In recent years there have been a number of innovative
applications in new fields which make additional demands on the representational efficiency of logic-based automated
reasoning. Some of the most challenging applications have come in diverse fields such as processing textual
data [24], processing genome sequences (The Genome Project) [3, 20, 21], representing and reasoning with
visual data [8, 4], storing and processing musical compositions, natural language processing [6], etc. These
applications have some characteristic commonality - they process strings (or streams) of information, the data
may be incomplete and may require approximate reasoning. String-based logic provides a tool for developing
such automated reasoning systems.

Strings can be loosely defined as concatenations of variables and constants. String unification is difficult
and may not lead to a unique most general unifier and in fact there may be an infinite number of maximally
general unifiers. The decidability of the string unification problem (also called the word problem) was
established by Makanin [15] and procedures based on his technique have been developed by other researchers:
Abdulrab and Pecuchet [1], Koscielski [14] and Jaffar [10]. But such procedures are not suitable for use in an
automated reasoning environment or in a logic programming language because of their generation of multiple
(maximally general) unifiers and non-termination when there is an infinite number of such unifiers. In [18, 16]
(see also [17]) we offer a solution to this dilemma through constraint logic programming [11, 12, 23]. is to
apply constraint solving techniques, instead In our approach, we solve the problems of string unification by
deferring full unification and performing partial unification at resolution step. By adapting this technique,
we generate a set of string equations at each step, which subsumes the sets of (possibly infinite) maximally
general unifiers. We define a notion of "partially-solved" form of string equations and develop an algorithm
for obtaining such partially-solved forms from any given set of string equations. We discuss, in detail, the
theoretical and procedural aspects of CLP(S) in [18] and define a constraint-solver which can be used to
provide a sound and complete query answering system for allowed string logic programs.

In this paper we only provide a brief overview of CLP(S). We mainly concentrate on describing applications
in CLP(S).

1 CLP(S) - Constraint Logic Programming with Strings

In CLP(S), apart from terms (built from constants, function symbols and variables) which can be used as
arguments for building predicates, there is a new set of constructs called strings. Strings are built with string
constants and string-variable names. A special symbol ε is used to denote an empty string. Each
string-variable name has a parameter associated with it called its size, which limits the strings that can be bound to
the variable to be of the same size. The size can be defined by a positive, integral arithmetic expression, called
the bounds expression, formed using bounds-constants and bounds-variable names. In essence, one can think of
the set of string-variable names to be typed (or sorted) by their size and limited to acquiring values of the
same type (sort). We denote a string variable in the following way: $\overset{t}{W}$, where W is a string-variable name
and t is a bounds expression denoting its size.

A string is defined recursively as follows: an empty string ε is a string; its size is 0. A string-constant is
a string; its size is 1. A string-variable $\overset{t}{W}$ is a string; its size is t. If $S_1$ and $S_2$ are strings then so is their
concatenation, $S_1 S_2$; the size of $S_1 S_2$ is the sum of the sizes of $S_1$ and $S_2$. The notions ground strings,
string-atoms and string-literals are defined as in logic programming.

A string equation (or constraint) is of the form $S_1 = S_2$, where $S_1$ and $S_2$ are strings and = is a predicate
which does not occur in the vocabulary of the logic programming language. An arithmetic equation is of the
form $e_1 = e_2$ where $e_1$ and $e_2$ are arithmetic expressions. In [17, 18] we provide a string equational theory for

A CLP(S) program is defined as a finite set of rules of the form:

$A \leftarrow C, B_1, \ldots, B_n$, where $n \geq 0$, $A, B_1, \ldots, B_n$ are string atoms and C is a set of string equations
and arithmetic equations. Whenever a string variable occurs more than once in a rule, we consider it to
have the same size at each occurrence. An allowed program rule is a CLP(S) program rule in which every
variable in A also occurs in $B_1, \ldots, B_n$. A goal is of the form:

$\leftarrow C, B_1, \ldots, B_n$, i.e., a rule without a head. Some examples of CLP(S) program rules are:

add(XA, Y0, ZA) ← add(X, Y, Z)  % addition as a shift operation

n-3  1  m  n-3  1  "*»  iwy..  ii.ii 

surftolex(n, W NkoIX, W Ny + atX, 1) ← nejval(N).  % a C-insertion morphological rule
                                                   % (e.g. apply + ation = application)

same_obj(X, X)  % used to check when two objects are identical (unifiable)

sim_obj(X, Y) ← {X = Y}  % can be used to check whether objects are approximately identical. This
                         % requires using approximate string equality checking.

Jaffar and Lassez [11] show that CLP paradigms can generalize the Horn logic programming semantics
based on term structures (operational, algebraic, logical) over to Horn logic programs based on an arbitrary
structure which is solution-compact and satisfaction-complete. The structure (SU,=) (= is equality with
associativity) is solution-compact and satisfaction-complete [11]. The only remaining piece in the puzzle is the
definition of constraint-solvers in the string domain for reducing string equations. In [18], we describe such an
algorithm, called the reduce algorithm, which reduces a set of string equations into an equivalent set of strings
in partially-solved form. The reduce algorithm, used in conjunction with Gaussian elimination (for solving
arithmetic equations on string sizes) provides a sound and complete proof procedure for allowed programs,
using the constraint logic programming paradigm. These results are shown in [18]. The reduce algorithm
is similar to the term rule-based unification algorithm (see e.g. [13]). This allows one to easily incorporate
approximate string matching techniques during the reduction process. We discuss one such technique later in
the paper. We do not provide the definition of the reduce algorithm and the theoretical results due to space
constraints.

Prolog III is another example of a string processing constraint language [5]. CLP(S) differs from Prolog
III in several ways; mainly in the association of an explicit size factor for string variables and in allowing
unrestricted concatenation. The integrated structure of string-value and size provides several advantages.
First, it provides a notion of 'types' on the string variables and allows one to restrict the domain of values
that can be bound for the variable. One can also write equations (both equality and inequalities) on sizes
which can ease and speed up the unification process by allowing one to solve string equations using algebraic
equation solvers on size-equations. The size information also allows one to effectively detect inequalities in
string equations and fail a derivation earlier than otherwise. Moreover, one can use known string inequalities,
such as $aS \neq Sb$ (where S can be taken as a string of arbitrary length), to fail CLP(S) derivations. The usage
of the reduce algorithm, which is similar to a rule-based unification algorithm and based on the concept of
partially-solved forms of string equations, is also unique in our approach and allows unrestricted concatenation
and sub-string insertions and deletions. The advantage of this can be seen in the ease with which it can be
adapted for approximate reasoning on strings (see [16]). To make the paper more readable, we briefly describe
the unify algorithm in the appendix.


2 Applications of CLP(S)

We discuss three applications of CLP(S): in natural language processing for encoding logic grammar rules
and for performing computational morphology; in visual scene processing for picture correspondence and as a
picture description language; and, in genetic sequence analysis and for implementing genetic algorithms.

2.1 Natural Language Processing

Natural language sentences are inherently not well-structured. Their processing requires sentences of different
types and phraseology to be parsed and analyzed. Even though there are some concrete rules which govern
their analyses, for most parts ad hoc analysis needs to be performed. The analysis further deteriorates when
one has to deal with spoken and/or colloquial sentences. In such cases, words or even parts of sentences may be
missing, caused probably by the speaker having a casual locution. Further, in morphological analysis one needs
to divide a word into several parts to identify the underlying morphemes; sometimes no division is necessary.
For example take the case of the following three transitive verbs, incite, instigate and invent. The first word
has to be divided into a prefix in and a transitive verb cite, whereas the other two need no such division. In
the last case, one can actually divide it into a prefix in and a transitive verb vent, but the recombined meaning
of the morphemes in+vent is entirely different from the one given by the full word invent. In the above
analysis, one is neither dealing with an (indivisible) constant nor building a term from constants in the manner
of term-based logic. The use of strings as representation would be useful in naturally encoding the different
types of grammatical formations and rules used in the lexical and morphological analysis of natural language.
The associative property of string concatenation permits one to cut a string into two or more substrings at
arbitrary locations.

Another important advantage of using strings as representation of sentences comes from the 'global' view
offered by strings as compared to the 'local' view of term-based structures. When one needs to analyze (or
process) several parts of the list at the same time, as may be required for extraposition or discontinuity
analysis, one has to move (skip) through the list to perform the analyses. Such analysis can be easily done
using strings. The use of strings also eases the operations of 'movement', insertions and deletions which are
not easily performed with functions or lists. Such insertions and deletions occur quite often in morphological
analysis.

To show how logic grammar rules can be encoded as CLP(S) rules, we give an example in Discontinuous
grammar [2]. The rules in these grammars are of the form:

$S, \alpha_0, skip(X_1), \alpha_1, \ldots, skip(X_n), \alpha_n \rightarrow \beta_0, skip(X'_1), \beta_1, \ldots, skip(X'_n),$
where S is a non-terminal and the αs and βs are strings of terminals and non-terminals (β can also be procedure
calls). The Xs denote arbitrary strings which need to be skipped. For example the following rule:

(DG) Rel_marker, skip(G), trace → Rel_pronoun, skip(G)
taken from [2] parses sentences such as "the man that John saw laughed", where it considers the noun phrase
"the man that John saw" to be a surface expression of a more explicit statement: "the man [John saw the
man]", where the second occurrence of "the man" has been moved to the left and subsumed by the relative
pronoun "that". The rule can be translated into a CLP(S) program rule as:

sentence(H^ZT) ← rel_marker(X), trace(W), sentence(HXZWT)

The atoms rel_marker(X) and trace(W) are conditions which need to be enforced to make the
transformation valid. In [16] we provide transformations for several different types of logic grammars and prove their
correctness.

The analysis of word structures using computers is called computational morphology. In this section
we show, through an example, how one can represent morphological rules using string-based logic. In our
discussion on computational morphology we follow the book [19] by Ritchie, Russell, Black and Pulman. A
sample rule is given below:

+:e <=> { < {c:c | s:s} ( h:h ) > | z:* | x:x | y:i } _ s:s

The rule¹ states that the surface character e gets deleted and is replaced by a lexical character if and only
if it is preceded by either ch, sh, s, x or i realized as a lexical y and is followed by an s. The notation c:c
denotes that c remains unchanged while transforming from surface level to lexical level. The rule can be used
to transform the surface form flies to lexical form fly + s. The equivalent CLP(S) program is given by²:

             n-3       n-3
surftolex(n,  X  shes,  X  sh+s, 1)

             n-3       n-3
surftolex(n,  X  ches,  X  ch+s, 1)

             n-7       n-3
surftolex(n,  X  *«»,   X  *+*, 1)

             n-J       f»— 2
surftolex(n,  X  zes,   X  z+s, 1)

¹ < items > denotes sequential items and { items } denotes choice of items.

² and 1 are used as markers and flags used in other clauses. See [16] for details.

In [16], we provide translations for some of the other morphographemic rules given in [19]. From the rules
shown here and in [16] it can be seen that morphological transformation of a surface character into a lexical
character requires character strings of variable lengths on either side and also requires insertion and deletion
of characters. These operations are well-suited for a string-based representation.

In [16], we also show how one can use CLP(S) to perform word segmentation to identify categories and
for encoding feature passing conventions. Rules such as generation and analysis of plural nouns, compound
nouns, prefixing, etc., are given in [16].

Next, we point out how the CLP(S) system can be used for dealing with sentences with simple errors
and sentences that are incomplete. In [26] algorithms for several kinds of approximate string matching are
provided. They permit mismatches caused by extra characters, missing characters, altered (substituted)
characters and interchanged characters. For example, the sentence "The man tat John saw lauhged" has
two errors, one caused by a missing character and another by a pair of interchanged characters. Parsing this
sentence normally would lead to failure. If we augment string-matching to reason with such errors and build
in the mechanism as part of string-constraint solving one can parse the above statement. In [16] we show how
one can augment the reduce algorithm to take care of such errors. The case of incomplete sentences, sentences
with gaps in them, is easily treated with CLP(S), even though computationally it may not be attractive. The
following can be given as a goal, when one knows that there are two gaps in the sentences with one of them
of bounded size.

                                    n      3
← {n > 3, n < 10}, sentence(the man X John Y laughed).

One of the bindings returned may be values "that " and "saw" to X and Y respectively when used with
proper rules. The need for parsing such incomplete sentences can be seen in several cases; when parsing old
manuscripts with torn or missing segments or when parsing a sentence heard over radio or telephone where one
may miss some segments due to noise. Parsing colloquial sentences which may have many missing segments.
CLP(S) provides a method for parsing such sentences which may not be easily possible with other methods
of natural language analysis.

2.2  Image  Processing 

One of the main areas in image processing deals with picture identification. For example, given a set of pictures
one may want to find a picture in which there are two cars or, one may want to check whether another picture
is a sub-picture of a picture in the set. A second question may involve approximate reasoning, since the smaller
picture may not be a precise sub-picture. One of the ways of representing pictures is to convert them into
symbolic forms based on an alphabet of 'icons'. For example, if one wants to represent a map of a region,
then one can iconify the objects in the map (such as large lakes (a), mountains (b), forests (c), hills (d), etc.)
and place the icons on a corresponding scaled grid-map. Figure 1 shows such maps. Chang et. al. [4] define a
scheme where iconic images are stored as 2-D strings. For example, the 2D-representation of the iconic picture
of Figure 1, p is given by (ad < b < e)(a < be < d).

Note  that  the  symbol  <  captures  the  spatial  relationship  of  below  and  to-the-right-of  in  the  two  2-D  string 
representation.  Chang  et.  al.  [4]  provide  algorithms  to  translate  iconic  pictures  into  2D-representations  and 
vice  versa.  In  [18]  we  provide  CLP(5)  programs  for  performing  these  translations. 

The two-dimensional string representation provides a simple approach to perform subpicture matching.
Chang et. al. [4] describe three types of matching with decreasing levels of approximation; the last type
(type-2) provides an exact sub-picture of another. In the following r(a) denotes the rank of a non-< symbol
in a string and is defined as one plus the number of <'s preceding the symbol in s. A string u is a type-i 1-D
subsequence of a string v if for all $a_i$s and $b_i$s, if $a_1 S_1 b_1$ is a substring of u and $a_2 S_2 b_2$ is a substring of v
(where $S_1$ and $S_2$ are strings) and $a_1$, $b_1$ match $a_2$, $b_2$ resp., then

(for type-0) $r(b_2) - r(a_2) \geq r(b_1) - r(a_1)$ or $r(b_1) - r(a_1) = 0$

(for type-1) $r(b_2) - r(a_2) \geq r(b_1) - r(a_1) > 0$ or $r(b_2) - r(a_2) = r(b_1) - r(a_1) = 0$

(for type-2) $r(b_2) - r(a_2) = r(b_1) - r(a_1)$.

Let (u, v) and (u', v') be 2-D representations of pictures p and p' respectively. Then p' is a type-i 2-D
subpicture of p if u' is a type-i 1-D subsequence of u, and v' is a type-i 1-D subsequence of v. In Figure 2,
$p_1$, $p_2$ and $p_3$ are type-0 subpictures of p; $p_1$ and $p_2$ are type-1 subpictures of p; and $p_1$ is a type-2 subpicture

[Figure 1: iconic pictures p, p1 and p2]

Chang et. al. [4] provide a complicated pseudo code procedure for performing the three matchings. In
[18] we use CLP(S) programs to encode their definitions of type-i subsequences and to provide matching
procedures for picture identification. We do not discuss them due to space constraints.

CLP(S) programs can also be used to encode picture description languages (PDLs) [22, 8]. For example,
with proper labeling, the string ababab denotes a staircase structure with three stairs. The above description
can be captured using string-based logic as follows:

staircase(ab).

            n              n
staircase(abX) ← staircase(X)

Similarly, description of compound objects with occlusions can be given succinctly using CLP(S):

               n m p           n m p          m
occluded_scene(W Z Y) ← object(W X Y), object(Z).
occluded_scene(WZ) ← object(WX), object(Z), m > r.
occluded_scene(ZW) ← object(XW), object(Z), m > r.

The  representation  can  be  used  to  reason  about  a  scene,  answering  more  complicated  questions  such  as  ‘whether 
an  object  is  in  a  scene  (probably  partially  occluded)?’  ‘whether  an  object  is  to  the  left  (or  right)  of  another 
object?’ 


2.3  Genetic  Operators  and  DNA  Grammar 


String-based logic can be used in genetic code processing in two ways. One method is to define operators
which can be used to build genetic sequences. Another method is to use string-based logic to define genetic
sequences and use these definitions to search for sequences in a given genetic code.

Genetic synthesis can be defined by several operators such as reproduction, crossover, jumping and
mutation. These operations can be implemented in CLP(S). Somewhat complex cross-overs can easily be defined
as follows.

nmnrmm  nmn  r  mm 


crossed_genes(XjyjZi, Xi^iZ2) ← gene(Xif^i), gene(X^^2).

In [18] we define other operators using CLP(S). The new field of Genetic Algorithms is based on these and
other operators and [7, 25] shows how Genetic Algorithms can be used to encode and solve several problems
including the traveling salesman problem. The advantage gained by encoding the operators using this approach
is that one obtains declarative-procedural duality and a reasoning system based on the logic programming
paradigm.

The recent explosion in genetics research, e.g., the Genome Project, has led to the accumulation of a
very large database of human (and other species) genetic sequences. Analyzing this massive amount of data
would require a vast amount of computation and sophisticated algorithms. As Searls points out in [20, 21]
the primary tool currently used to analyze the data is based on linear pattern matching and on viewing the
data as a long string [3, 9]. Searches for genetic sequences are carried out using regular expressions based on a
regular language. In [20, 21] Searls describes a computational linguistic approach where the DNA sequences
can be represented using formal grammar, which is better than the linear search techniques. We translate his
DNA grammar rules into CLP(S) rules. He defines complicated genetic structures using simpler structures,

gene => upstream, xscript, downstream.
upstream => catBox, 40...50, tataBox, 19...27.
xscript => capSite, ..., xlate, ..., termination.

The definitions given above are not regular expressions and require encoding of gaps (both unbound (...)
and variably-bounded (40...50)) in the sequence. These gaps may be unimportant or untranslatable in that
particular gene expression. The rules given above can be directly represented as the following CLP(S)
rules:

     m n p             m           n              p
gene(X Y Z) ← upstream(X), xscript(Y), downstream(Z).
upstream(WX^i) ← catbox(W), n < 50, n > 40, tatabox(Y), q < 27, q > 19.
xscript(im^Z) ← capsite(Y), xlate(X), termination(Z).

Our representation of the DNA grammar rules has the advantage of being a straightforward and declarative
translation, whereas Searls' transformation into Prolog is interpreter dependent.

There are other genetic features such as a repeat, inverted repeat, palindromes, tandem repeats,
clover-leaf repeat, copia and so on, which cause the representation of genetic sequences to be beyond the
power of context-free languages. In [18] we show how these features can be defined using CLP(S) rules.

Appendix

A  Unify  Algorithm 

Definition 1 A partially-solved form of a set of string equations is a set of string equations
$\{R_1 = S_1, \ldots, R_n = S_n\}$ such that

$\forall i, 1 \leq i \leq n$, either $R_i$ or $S_i$ is of the form $\overset{t}{X_i} Q_i$, where $X_i$ is a string-variable with size t and $Q_i$ is a
(possibly empty) string, and

$\forall i$, either $R_i$ or $S_i$ is of the form $P_i \overset{t}{X_i}$, where $X_i$ is a string-variable with size t and $P_i$ is a
(possibly empty) string. □

Definition 2 A solved form of a set of string equations is a set of string equations
$\{X_1 = S_1, \ldots, X_n = S_n\}$ such that $\forall i, 1 \leq i \leq n$, $X_i$ is a string-variable, $\forall i, 1 \leq i < j \leq n$, $X_i \neq X_j$, and
$\forall i, 1 \leq i, j \leq n$, $X_i$ is not in any variable in $S_j$ □

Every set of equations in solved form is also in partially-solved form. We next define an algorithm which
transforms a set of string equations into a partially-solved form. Proofs of theorems are given in [18].

Algorithm 1 (Reduce Algorithm)

Input: S, a set of string equations

Output: On SUCCESS returns S', a set of string equations, else returns FAILURE.

Non-deterministically choose from the set of equations S an equation of a form below and perform the associated
action (in the following, i denotes a natural number):

(A:1) $a = \varepsilon$: halt with FAILURE.

(A:2) $S_1 S_2 = \varepsilon$: replace by the equations $S_1 = \varepsilon$, $S_2 = \varepsilon$.

(A:3) $a S_1 = a S_2$ or $S_1 a = S_2 a$: replace by the equation $S_1 = S_2$.

(A:4) $a S_1 = b S_2$ or $S_1 a = S_2 b$, where $a \neq b$: halt with FAILURE.

(A:5) $S_1 = S_1$ for any string $S_1$: delete the equation.

(A:6) $\overset{i}{X} = S_1$ or $S_1 = \overset{i}{X}$, where $S_1$ is not identical to X and X has another occurrence
in the set of equations. If X appears in $S_1$ then halt with FAILURE.
Otherwise substitute $S_1$ wherever X appears in every other equation.

(A:7) $S_1 a_1 \ldots a_j S_2 = b_1 \ldots b_k$ or $b_1 \ldots b_k = S_1 a_1 \ldots a_j S_2$:
if $a_1 \ldots a_j$ is not a substring of $b_1 \ldots b_k$ then halt with FAILURE,
else, if $a_1 \ldots a_j$ is a unique substring of $b_1 \ldots b_k$ such that
$b_1 \ldots b_k = b_1 \ldots b_p a_1 \ldots a_j b_q \ldots b_k$, replace by the equations $S_1 = b_1 \ldots b_p$ and $S_2 = b_q \ldots b_k$.

(A:8) $\overset{i}{X} S_1 = a_1 \ldots a_j S_2$ or $a_1 \ldots a_j S_2 = \overset{i}{X} S_1$, where $S_2$ contains at least one variable and $S_1 \neq \varepsilon$.
If $j > i$, replace by the equations $X = a_1 \ldots a_i$ and $S_1 = a_{i+1} \ldots a_j S_2$.
If $i > j$, replace by the equations $\overset{i}{X} = a_1 \ldots a_j \overset{i-j}{W}$ and $S_2 = \overset{i-j}{W} S_1$.

(A:8') $S_1 \overset{i}{X} = S_2 a_j \ldots a_1$ or $S_2 a_j \ldots a_1 = S_1 \overset{i}{X}$, where $S_2$ contains at least one variable and $S_1 \neq \varepsilon$.
If $j > i$, replace by the equations $X = a_i \ldots a_1$ and $S_1 = S_2 a_j \ldots a_{i+1}$.
If $i > j$, replace by the equations $\overset{i}{X} = \overset{i-j}{W} a_j \ldots a_1$ and $S_2 = S_1 \overset{i-j}{W}$.

(A:9) $\overset{i}{X} S_1 = \overset{j}{Y} S_2$, where $S_1$ and $S_2$ are not empty strings.
If $j > i$, replace by the equations $\overset{j}{Y} = \overset{i}{X} \overset{j-i}{W}$ and $S_1 = \overset{j-i}{W} S_2$.
If $i > j$, replace by the equations $\overset{i}{X} = \overset{j}{Y} \overset{i-j}{W}$ and $S_2 = \overset{i-j}{W} S_1$.

(A:9') $S_1 \overset{i}{X} = S_2 \overset{j}{Y}$, where $S_1$ and $S_2$ are not empty strings.
If $j > i$, replace by the equations $\overset{j}{Y} = \overset{j-i}{W} \overset{i}{X}$ and $S_1 = S_2 \overset{j-i}{W}$.
If $i > j$, replace by the equations $\overset{i}{X} = \overset{i-j}{W} \overset{j}{Y}$ and $S_2 = S_1 \overset{i-j}{W}$.

(A:10) $S_1 S_2 = S_3 S_4$ where $|S_1| = |S_3|$ or $|S_2| = |S_4|$: replace by $S_1 = S_3$ and $S_2 = S_4$.

(A:11) If none of the steps (A:1) through (A:10) can be applied,
halt with SUCCESS returning the set of equations.

Theorem  1  Let  S  be  a  set  of  string  equations  which  is  reduced  using  the  reduce  algorithm.  Then, 

1.  The  algorithm  halts  in  finite  steps; 

2.  If  S'  is  the  output  set  of  string  equations  then  S  is  equivalent  to  S'; 

3.  If  S'  is  the  output  set  of  string  equations  then  S  is  in  partially-solved  form; 

4.  If  the  algorithm  terminates  with  FAILURE  then  S  is  not  unifiable. 

Definition 3 A string equation is in size-constant form if every string-variable occurring in the equation has
an integer as its size parameter. A set of string equations is in size-constant form if every equation in the set
is in size-constant form. A string is in size-constant form if every string-variable occurring in the string has
an integer as its size parameter.

Lemma 1 Let $S$ be a set of string equations in size-constant form. Then the reduce algorithm results in
FAILURE if and only if $S$ has no unifiers, or else results in a solved-form. Moreover, the set of equations in
solved form provides the unique (up to renaming) most general unifier for $S$. □
An advantage of the rule-based reduce algorithm is that one can add failure-rules to it without compromising
the soundness or the completeness of the algorithm. Such additions would enable one to fail a reduction
process faster than without the rules. For example, it is well known that the following string equations have
no unifier: $aX = Xb$ and $XaY = YbX$. Such rules can be used as additional conditions for failing the
unification process of the reduce algorithm.

B CLP(S)-Resolution

A CLP(S)-derivation is similar to a CLP-derivation [11] but uses algebraic and string constraint solvers.

Definition 4 (SSLD-Derivation)

Let A be an algebraic constraint solver and let U be a string-constraint solver. Let P be a CLP(S) program
and let G be a goal. A String SLD-derivation is a sequence of CLP(S)-goals $G_0 = G, G_1, \ldots$, such that $\forall i > 0$,
$G_{i+1}$ is obtained from $G_i = \leftarrow C_i \cup E_i, A_1, \ldots, A_n$ as follows:

1. $A_m$ is an atom in $G_i$ and is called the selected atom.

2. $A \leftarrow B_1, \ldots, B_r$ is a program clause in P standardized apart with respect to $G_i$.

3. $C_{i+1} = C_i \cup \{S_1 = S'_1, \ldots, S_n = S'_n\}$ and $E_{i+1} = E_i \cup \{|S_1| = |S'_1|, \ldots, |S_n| = |S'_n|\}$
when $A_m$ and $A$ are of the form $A_m = p(S_1, \ldots, S_n)$ and $A = p(S'_1, \ldots, S'_n)$.

4. $G'_{i+1}$ is the goal $\leftarrow C_{i+1} \cup E_{i+1}, A_1, \ldots, A_{m-1}, B_1, \ldots, B_r, A_{m+1}, \ldots, A_n$.

5. Let $\theta_i$ be the set of string substitutions found by applying A and U to $C_{i+1} \cup E_{i+1}$.

6. $G_{i+1}$ is the goal $\leftarrow (C_{i+1} \cup E_{i+1}, A_1, \ldots, A_{m-1}, B_1, \ldots, B_r, A_{m+1}, \ldots, A_n)\theta_i$ □

In line 5, $\theta_i$ consists only of equations in $C_{i+1} \cup E_{i+1}$ which are in solved form; the rest of the equations in
$C_{i+1} \cup E_{i+1}$ may be in partially-solved form.

Definition 5 Let P be a CLP(S) program and let G be a goal. A successful SSLD-derivation is an SSLD-derivation
which ends in a goal with only (possibly empty) constraints and no predicate goals. □

Definition 6 Let A be an algebraic constraint solver and let U be a string-constraint solver. Let P be a
CLP(S) program and let G be a goal. Let $\leftarrow C_n \cup E_n$ be the final goal in a successful SSLD-derivation. Then
$E_A \cup E_U$ is a SSLD-computed constraint using A and U for $P \cup \{G\}$ if
$E_A$ is a set of integer equations obtained from reducing $E_n$ using A,
and let $\theta_A$ be the subset of $E_A$ that are variable substitutions

$E_U$ is a set of string equations obtained from reducing $C_n \theta_A$ using U.

If $E_U \cup E_A$ is a set of string substitutions then the substitutions in $E_A \cup E_U$ restricted to the variables occurring
in G is an SSLD-computed answer substitution for $P \cup \{G\}$. □

Note that it is possible that the algebraic constraint solver or the string constraint solver may halt in failure.
In such a case the SSLD-resolution is considered to have ended in failure. The soundness and completeness of
SSLD-resolution for allowed CLP(S) programs is shown in [18].


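Example 1 Let $S = \{X^{2}Y^{3} = Y^{3}X^{2}\}$

The reduce algorithm proceeds as follows:

$S_1 = \{Y^{3} = X^{2}W^{1},\ Y^{3} = W^{1}X^{2}\}$ from (A:8)

$S_2 = \{Y^{3} = X^{2}W^{1},\ X^{2}W^{1} = W^{1}X^{2}\}$ from (A:6)

$S_3 = \{Y^{3} = X^{2}W^{1},\ X^{2} = W^{1}Z^{1},\ X^{2} = Z^{1}W^{1}\}$ from (A:8)

$S_4 = \{Y^{3} = W^{1}Z^{1}W^{1},\ X^{2} = W^{1}Z^{1},\ W^{1}Z^{1} = Z^{1}W^{1}\}$ from (A:6)

$S_5 = \{Y^{3} = W^{1}Z^{1}W^{1},\ X^{2} = W^{1}Z^{1},\ W^{1} = Z^{1},\ Z^{1} = W^{1}\}$ from (A:8)

$S_6 = \{Y^{3} = Z^{1}Z^{1}Z^{1},\ X^{2} = Z^{1}Z^{1},\ W^{1} = Z^{1},\ Z^{1} = Z^{1}\}$ from (A:6)

$S_7 = \{Y^{3} = Z^{1}Z^{1}Z^{1},\ X^{2} = Z^{1}Z^{1},\ W^{1} = Z^{1}\}$ from (A:5)

Halts with success.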
The following is an SSLD-derivation for the goal $\leftarrow add(0100, 0101, P)$ using the program given below:

$\{succ(X0, X1),$

$succ(X1, Y0) \leftarrow succ(X, Y),$

$add(X, 0, X),$

$add(X^{r}A^{1}, Y^{m}0, Z^{p}A^{1}) \leftarrow add(X^{r}, Y^{m}, Z^{p}),$

$add(X, Y1, ZA) \leftarrow (succ(X, WA) \wedge add(W, Y, Z))\}$

(Instantiations of the variable symbols in the SSLD-derivation are differentiated through subscripts.)

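$\leftarrow \{\},\ add(0100, 0101, P)$

| using $add(X, Y1, ZA) \leftarrow succ(X, WA),\ add(W, Y, Z)$

| $\theta_1 = \{X = 0100,\ Y = 010,\ r = 4,\ m = 3\}$

$\leftarrow \{P = ZA,\ s = p + 1\} \cup \theta_1,\ succ(0100, WA),\ add(W, 010, Z)$

| using $succ(X_1^{r_1} 0, X_1^{r_1} 1)$

| $\theta_2 = \{X_1 = 010,\ W = 010,\ A = 1,\ r_1 = 3,\ n = 3\}$

$\leftarrow \{ZA = P,\ s = p + 1\} \cup \theta_1 \cup \theta_2,\ add(010, 010, Z)$

| using $add(X_2 A_2, Y_2 0, Z_1 A_2) \leftarrow add(X_2, Y_2, Z_1)$

| $\theta_3 = \{X_2 = 01,\ A_2 = 0,\ Y_2 = 01,\ r_2 = 2,\ m_2 = 2\}$

$\leftarrow \{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3,\ add(01, 01, Z_1)$

| using $add(X_3, Y_3 1, Z_2 A_3) \leftarrow succ(X_3, W_1 A_3),\ add(W_1, Y_3, Z_2)$

| $\theta_4 = \{X_3 = 01,\ Y_3 = 0,\ r_3 = 2,\ m_3 = 1\}$

$\leftarrow \{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1,\ Z_1 = Z_2 A_3,\ p_1 = p_2 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3 \cup \theta_4,$

$succ(01, W_1 A_3),\ add(W_1, 0, Z_2)$

| using $succ(X_4^{r_4} 1, Y_4^{m_4} 0) \leftarrow succ(X_4^{r_4}, Y_4^{m_4})$

| $\theta_5 = \{X_4 = 0,\ Y_4 = W_1,\ A_3 = 0,\ r_4 = 1,\ m_4 = 1\}$

$\leftarrow \{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1,\ Z_1 = Z_2 A_3,\ p_1 = p_2 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3 \cup \theta_4 \cup \theta_5,$

$succ(0, W_1),\ add(W_1, 0, Z_2)$

| using $succ(X_5^{r_5} 0, X_5^{r_5} 1)$

| $\theta_6 = \{X_5 = \epsilon,\ W_1 = 1,\ n_1 = 1,\ r_5 = 0\}$

$\leftarrow \{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1,\ Z_1 = Z_2 A_3,\ p_1 = p_2 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3 \cup \theta_4 \cup \theta_5 \cup \theta_6,$

$add(1, 0, Z_2)$

| using $add(X_6, 0, X_6)$

| $\theta_7 = \{X_6 = 1,\ Z_2 = 1,\ p_2 = 1,\ r_6 = 1\}$

$\leftarrow \{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1,\ Z_1 = Z_2 A_3,\ p_1 = p_2 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3 \cup \theta_4 \cup \theta_5 \cup \theta_6 \cup \theta_7.$

Applying the Gaussian elimination and the reduce algorithm to the constraint set given by:

$\{P = ZA,\ s = p + 1,\ Z_1 A_2 = Z,\ p = p_1 + 1,\ Z_1 = Z_2 A_3,\ p_1 = p_2 + 1\} \cup \theta_1 \cup \theta_2 \cup \theta_3 \cup \theta_4 \cup \theta_5 \cup \theta_6 \cup \theta_7,$

we obtain the answer substitution: $P = 1001$. □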




Towards  CIAO-Prolog  - 
A  Parallel  Concurrent  Constraint  System 


M.  Hermenegildo 


Facultad  de  Informatica 
Universidad  Politecnica  de  Madrid  (UPM) 
28660-Boadilla del Monte, Madrid, Spain
herme@fi.upm.es


1  Introduction 

We present an informal discussion on some methodological aspects regarding the efficient parallel implementation
of (concurrent) (constraint) logic programming systems, as well as an overview of some of the current work
performed by our group in the context of such systems. These efforts represent our first steps towards the
development of what we call the CIAO (Concurrent, Independence-based And/Or parallel) system - a platform
which we expect will provide efficient implementations of a series of non-deterministic, concurrent, constraint
logic programming languages, on sequential and multiprocessor machines.

CIAO can be in some ways seen as an evolution of the &-Prolog [17] system concepts: it builds on &-Prolog
ideas such as parallelization and optimization heavily based on compile-time global analysis and efficient
abstract machine design. On the other hand, CIAO is aimed at adding several important extensions, such as
or-parallelism, constraints, more direct support for explicit concurrency in the source language, as well as other
ideas inspired by proposals such as Muse [1] and Aurora [27], GHC [39], PNU-Prolog [30], IDIOM [16], DDAS
[32], Andorra-I [31], AKL [20], and the extended Andorra model [40]. One of the objectives of CIAO is to offer
at the same time all the user-level models provided by these systems.

More than a precisely defined design, at this point the CIAO system should be seen as a target which serves
to motivate and direct our current research efforts. This impreciseness is purposely based on our belief that,
in order to develop an efficient system with the characteristics that we desire, a number of technologies have
to mature and others still have to be developed from scratch. Thus, our main focus at the moment is in the
development of some of these technologies, which include, among others, improved memory management and
scheduling techniques, development of parallelization technology for non-strict forms of independence, efficient
combination of and- and or-parallelism, support of several programming paradigms via program transformation,
and the extension of current parallelization theory and global analysis tools to deal with constraint-based
languages.

We  will  start  our  discussion  by  dealing  with  some  methodological  issues.  We  will  then  introduce  some  of 
our  recent  work  in  the  direction  mentioned  above.  Given  the  space  limitations  the  description  will  be  aimed 
at  providing  an  overall  view  of  our  recent  progress  and  a  set  of  pointers  to  some  relevant  recent  publications 
and  technical  reports  which  describe  our  results  more  fully.  We  hope  that  in  light  of  the  objective  of  providing 
pointers,  the  reader  will  be  kind  enough  to  excuse  the  summarized  descriptions  and  the  predominance  in  the 
references  of  (at  least  recent)  work  of  our  group. 

2  Separation  of  issues  /  Fundamental  Principles 

We begin our discussion with some very general observations regarding computation rules, concurrency, parallelism,
and independence. We believe these observations to be instrumental in understanding our approach and
its relationship to others. A motivation for the discussions that follow is the fact that many current proposals for
parallel or concurrent logic programming languages and models are actually “bundled packages”, in the sense
that they offer a combined solution affecting a number of issues such as choice of computation rule, concurrency,
exploitation of parallelism, etc. This is understandable since certainly a practical model has to offer solutions
for all the problems involved. However, the bundled nature of (the description of) many models often makes it
difficult to compare them with each other. It is our view that, in order to be able to perform such comparisons,
a “separation analysis” of models isolating their fundamental principles in (at least) the coordinates proposed
above must be performed. In fact, we also believe that such un-bundling brings the additional benefit of allowing
the identification and study of the fundamental principles involved in a system independent manner and the
transference of the valuable features of a system to another. In the following we present some ideas on how we
believe the separation analysis mentioned above might be approached.

2.1  Separating  Control  Rules  and  Parallelism 

We start by discussing the separation of parallelism and computation rules in logic programming systems. Of the
concepts mentioned above, probably the best understood from the formal point of view is that of computation
rules. Assuming for example an SLD resolution-based system the “computation rules” amount to a “selection
rule” and a “search rule.” The objective of computation rules in general is to minimize work, i.e. to reduce
the total amount of resolutions needed to obtain an answer. We believe it is useful, at least from the point
of view of analyzing systems, to make a strict distinction between parallelism issues and computation rule
related issues. To this end, we define parallelism as the simultaneous execution of a number of independent
sequences of resolutions, taken from those which would have to be performed in any case as determined by the
computation rules. We call each such sequence a thread of execution. Note that as soon as there is an actual
(i.e., run-time) dependency between two sequences, one has to wait for the other and therefore parallelism does
not occur for some time. Thus, such sequences contain several threads. Exploiting parallelism means taking
a fixed-size computation (determined by the computation rules), splitting it into independent threads related
by dependencies (building a dependency graph), and assigning these segments to different agents. Both the
partitioning and the agent assignment can be performed statically or dynamically. The objective of parallelism
in this definition is simply to perform the same amount of work in less time.

We consider as an example a typical or-parallel system. Let us assume a finite tree, with no cuts or side-effects,
and that all solutions are required. In a first approximation we could consider that the computation
rules in such a system are the same as in Prolog and thus the same tree is explored and the number of resolution
steps is the same. Exploiting (or-)parallelism then means taking branches of the resolution tree (which have
no dependencies, given the assumptions) and giving them to different agents. The result is a performance gain
that is independent of any performance implications of the computation rule. As is well known, however, if
only (any) one solution is needed, then such a system can behave quite differently from Prolog: if the leftmost
solution (the one Prolog would find) is deep in the tree, and there is another, shallower solution to its right,
the or-parallel system may find this other solution first. Furthermore, it may do this after having explored
a different portion of the tree which is potentially smaller (although also potentially bigger). The interesting
thing to realize from our point of view is that part of the possible performance gain (which sometimes produces
“super-linear” speedups) comes in a fundamental way from a change in the computation rule, rather than from
parallel execution itself. It is not due to the fact that several agents are operating but to the different way in
which the tree is being explored (“more breadth-first”).¹
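The effect described in this paragraph can be reproduced by counting resolution steps, as in the following added sketch (not part of the original paper). The tree shapes, the function names, and the work-taking policy (an idle agent takes the oldest untried alternative of a busy one) are assumptions of the sketch, not the schedulers of Muse or Aurora; all agents share one processor, so any gain comes from the exploration order alone.

```python
from collections import deque


def node(label, children=(), solution=False):
    """One resolution step in a constructed finite or-tree (no cuts, no side effects)."""
    return {"label": label, "children": list(children), "solution": solution}


def chain(prefix, depth, solution):
    """A non-branching path of `depth` resolution steps; only its last step may succeed."""
    n = node(f"{prefix}{depth}", solution=solution)
    for d in range(depth - 1, 0, -1):
        n = node(f"{prefix}{d}", [n])
    return n


def prolog_steps(root, want_all=False):
    """Depth-first, leftmost-first rule: (resolutions performed, solutions found)."""
    steps, found, stack = 0, [], [root]
    while stack:
        n = stack.pop()
        steps += 1
        if n["solution"]:
            found.append(n["label"])
            if not want_all:
                break
        stack.extend(reversed(n["children"]))  # leftmost child ends up on top
    return steps, found


def interleaved_steps(root, workers, want_all=False):
    """One processor time-slices `workers` agents, one resolution per slice.

    Each agent runs depth-first on its own stack; an idle agent takes the oldest
    untried alternative (bottom of the stack) from the agent holding the most work.
    """
    stacks = [deque() for _ in range(workers)]
    stacks[0].append(root)
    steps, found = 0, []
    while any(stacks):
        for s in stacks:
            if not s:
                donors = [d for d in stacks if len(d) > 1]
                if not donors:
                    continue  # nothing to take: this agent stays idle this round
                s.append(max(donors, key=len).popleft())
            n = s.pop()
            steps += 1
            if n["solution"]:
                found.append(n["label"])
                if not want_all:
                    return steps, found
            s.extend(reversed(n["children"]))
    return steps, found


def deep_left_tree():
    """Constructed input: leftmost solution 50 steps deep, a shallower one to its right."""
    return node("root", [chain("L", 50, True), chain("R", 3, True)])


def shallow_left_tree():
    """Constructed input: leftmost solution is shallow, the right branch is long and fails."""
    return node("root", [chain("L", 3, True), chain("R", 50, False)])


if __name__ == "__main__":
    for name, tree in (("deep-left", deep_left_tree()), ("shallow-left", shallow_left_tree())):
        print(name, "one solution:", prolog_steps(tree), interleaved_steps(tree, 2))
        print(name, "all solutions:", prolog_steps(tree, True)[0],
              interleaved_steps(tree, 2, True)[0])
```

With all solutions required both rules perform the same number of resolutions, so only real parallelism could shorten the run; with one solution required the interleaved rule does less work on the first tree and more on the second, on a single processor in both cases.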

A similar phenomenon appears for example in independent and-parallel systems if they incorporate a certain
amount of “intelligent failure”: computation may be saved. We would like this to be seen as associated to
a smarter computation rule that is taking advantage of the knowledge of the independence of some goals
rather than having really anything to do with the parallelism. In contrast, also the possibility of performing
additional work arises: unless non-failure can be proved ahead of time, and-parallel systems necessarily need
to be speculative to a certain degree in order to obtain speedups. However such speculation can in fact be
controlled so that no slow down occurs [18].

Another interesting example to consider is the Andorra-I system. The basic Andorra principle underlying this
system states (informally) that deterministic reductions are performed ahead of time and possibly in parallel.
This principle would be seen from our point of view as actually two principles, one related to the computation
rules and another to parallelism. From the computation rule point of view the bottom line is that deterministic
reductions are executed first. This is potentially very useful in practice since it can result in a change (generally
a reduction, although the converse may also be true) of the number of resolutions needed to find a solution.
Once the computation rule is isolated the remaining part of the rule is related to parallelism and can be seen

¹ This can be observed for example by starting a Muse or an Aurora system with several “workers” on a uniprocessor machine.
In this experiment it is possible sometimes to obtain a performance gain w.r.t. a sequential Prolog system even though there is no
parallelism involved - just a coroutining computation rule, in this case implemented by the multitasking operating system.
simply as stating that deterministic reductions can be executed in parallel. Thus, the “parallelism part” of the
basic Andorra principle, once isolated from the computation rule part, brings a basic principle to parallelism:
that of the general convenience of parallel execution of deterministic threads.

We  believe  that  the  separation  of  computation  rule  and  parallelism  issues  mentioned  above  allows  enlarging 
the  replicability  of  the  interesting  principles  brought  in  by  many  current  models. 

2.2 Abstracting Away the Granularity Level: The Fundamental Principles

Having argued for the separation of parallelism issues from those that are related to computation rules, we now
concentrate on the fundamental principles governing parallelism in the different models proposed. We argue
that moving a principle from one system to another can often be done quite easily if another such “separation” is
performed: isolating the principle itself from the level of granularity at which it is applied. This means viewing
the parallelizing principle involved as associated to a generic concept of thread, to be particularized for each
system, according to the fundamental unit of parallelism used in such system.

As an example, and following these ideas, the fundamental principle of determinism used in the basic Andorra
model can be applied to the &-Prolog system. The basic unit of parallelism considered when parallelizing
programs in the classical &-Prolog tools is the subtree corresponding to the complete resolution of a given goal
in the resolvent. If the basic Andorra principle is applied at this level of granularity its implications are that
deterministic subtrees can and should be executed in parallel (even if they are “dependent” in the classical
sense). Moving the notions of determinism in the other direction, i.e. towards a finer level of granularity, one
can think of applying the principle at the level of bindings, rather than clauses, which yields the concept of
“binding determinism” of PNU-Prolog [30].

In fact, the converse can also be done: the underlying principles of &-Prolog w.r.t. parallelism -basically
its independence rules- can in fact be applied at the granularity level of the Andorra model. The concept of
independence in the context of &-Prolog is defined informally as requiring that a part of the execution “will
not be affected” by another. Sufficient conditions -strict and non-strict independence [18]- are then defined
which are shown to ensure this property. We argue that applying these concepts at the granularity level of the
Andorra model gives some new ways of understanding the model and some new solutions for its parallelization.
In order to do this it is quite convenient to look at the basic operations in the light of David Warren’s extended
Andorra model.² The extended Andorra model brings in the first place the idea of presenting the execution of
logic programs as a series of simple, low level operations on and-or trees. In addition to defining a lower level of
granularity, the extended Andorra model incorporates some principles which are related in part to parallelism
and in part to computation rule related issues such as the above mentioned basic Andorra principle and the
avoidance of re-computation of goals.

On the other hand the extended Andorra model also leaves several other issues relatively more open. One
example is that of when nondeterministic reductions may take place in parallel. One answer for this important
and relatively open issue was given in the instantiation of the model in the AKL language. In AKL the concept of
“stability” is defined as follows: a configuration (partial resolvent) is said to be stable if it cannot be affected by
other sibling configurations. In that case the operational semantics of AKL allow the non-determinate promotion
to proceed. Note that the definition is, not surprisingly, equivalent to that of independence, although applied
at a different granularity level. Unfortunately stability/independence is in general an undecidable property.
However, applying the work developed in the context of independent and-parallelism at this level of granularity
provides sufficient conditions for it. The usefulness of this is underlined by the fact that the current version
of AKL incorporates the relatively simple notion of strict independence (i.e. the absence of variable sharing)
as its stability rule. However, the presentation above clearly marks the way for incorporating more advanced
concepts, such as non-strict independence, as a sufficient condition for the independence/stability rule. As will
be mentioned, we are actively working on compile-time detection of non-strict independence, which we believe
will be instrumental in this context. Furthermore, and as we will show, when adding constraint support to a
system the traditional notions of independence are no longer valid and both new definitions of independence
and sufficient conditions for it need to be developed. We believe that the view proposed herein allows the
direct application of general results concerning independence in constraint systems to several realms, such as
the extended Andorra model and AKL.

² This is understandable, given that adding independent and-parallelism to the basic Andorra model was one of the objectives
in the development of its extended version.
Another way of moving the concept of independence to a finer level of granularity is to apply it at the
binding level. This yields a rule which states that dependent bindings of variables should wait for their leftmost
occurrences to complete (in the same way as subtrees wait for dependent subtrees to their left to complete in
the standard independent and-parallelism model), which is essentially the underlying rule of the DDAS model
[32]. In fact, one can imagine applying the principle of non-strict independence at the level of bindings, which
would yield a “non-strict” version of DDAS which would not require dependent bindings to wait for bindings
to their left which are guaranteed to never occur, or for bindings which are guaranteed to be compatible with
them.

With this view in mind we argue that there are essentially four fundamental principles which govern exploitation
of parallelism:

• independence, which allows parallelism among non-deterministic threads,

• determinacy, which allows parallelism among dependent threads,

• non-failure, which allows guaranteeing non-speculativeness, and

• granularity, which allows guaranteeing speedup in the presence of overheads.

2.3  User-level  Concurrency 

Similarly to the separations mentioned above (parallelism vs. computation rule and principles vs. granularity
level of their application) we also believe in a separation of “concurrency” from both parallelism and computation
rules. We believe concurrency is most useful when it is explicitly controlled by the user and should be separate
from the implicit computation rules. This is in contrast with parallelism, which ideally should be transparent
to the user, and with smart computation rules of which the user should only be aware in the sense of being
able to derive an upper bound on the amount of computation involved in running a program for a given query
using that rule. Space limitations prevent us from elaborating more on this topic or that of the separation
between concurrency and parallelism. However, an example of an application of the latter can be seen in
schedule analysis, where the maximal essential components of concurrency are isolated and sequenced to allow
the most efficient possible execution of the concurrent program by one agent [21]. Schedule analysis is, after
all, an application of the concept of dependence (or, conversely, independence) at a certain level of granularity
in order to “unparallelize” a program, and is thus based on the same principles as automatic parallelization.

2.4  Towards  a  General-Purpose  Implementation 

We believe that the points regarding the separation of issues and fundamental principles sketched in the previous
sections at the same time explain and are supported by the recent trend towards convergence in the implementation
techniques of systems that are in principle very different, such as the various parallel implementations
of Prolog on one hand (see, for example, [17, 27, 2]) and the implementations of the various committed choice
languages on the other (see, for example, [7, 8, 14, 19, 24, 35, 38, 39]). The former are based on schemes for
parallelizing a sequential language; they tend to be stack-based, in the sense that (virtual) processors allocate
environments on a stack and execute computations “locally” as far as possible until there is no more work to do,
at which point they “steal” work from a busy processor. The latter, by contrast, are based on concurrent languages
with dataflow synchronization; they tend to be heap-based, in the sense that environments are generally
allocated on a heap, and there is (at least conceptually) a shared queue of active tasks.

The aforementioned convergence can be observed in that, on one hand, driven by the demonstrated utility
of delay primitives in sequential Prolog systems (e.g., the freeze and block declarations of Sicstus Prolog [6],
when declarations of NU-Prolog [36], etc.), parallel Prolog systems have been incorporating capabilities to deal
with user-defined suspension and coroutining behaviors — for example, &-Prolog allows programmer-supplied
wait-declarations, which can be used to express arbitrary control dependencies. In sequential Prolog systems
with delay primitives, delayed goals are typically represented via heap-allocated “suspension records,” and such
goals are awakened when the variables they are suspended on get bindings [5]. Parallel Prolog systems inherit
this architecture, leading to implementations where individual tasks are stack-oriented, together with support
for heap-allocated suspensions and dataflow synchronization. On the other hand, driven by a growing consensus
that some form of “sequentialization” is necessary to reduce the overhead of managing fine-grained parallel tasks
on stock hardware (see, for example, [13, 37, 22]), implementors of committed choice languages are investigating
the use of compile-time analyses to coalesce fine-grained tasks into coarser-grained sequential threads that can
be implemented more efficiently. This, again, leads to implementations where individual sequential threads
execute in a stack-oriented manner, but where sets of such threads are represented via heap-allocated activation
records that employ dataflow synchronisation. Interestingly, and conversely, in the context of parallel Prolog
systems, there is also a growing body of work trying to address the problem of automatic parallelizing compilers
often “parallelizing too much” which appears if the target architecture is not capable of supporting fine grain
parallelism. Figure 2.4 illustrates this (and in fact reflects the interactions among the partners of the ParForCE
Esprit project, where some of these interactions are being investigated).
This convergence of trends is exciting: it suggests that we are beginning to understand the essential implementation
issues for these languages, and that from an implementor’s perspective these languages are not as
fundamentally different as was originally believed. It also opens up the possibility of having a general purpose
abstract machine to serve as a compilation target for a variety of languages. As mentioned before this is precisely
one of the objectives of the CIAO system. Encouraging initial results in this direction have been demonstrated
in the sequential context by the QD-Janus system [12] of S. Debray and his group. QD-Janus, which compiles
down to Sicstus Prolog and uses the delay primitives of the Prolog system to implement dataflow synchronization,
turns out to be more than three times faster, on the average, than Kliger’s customized implementation of
FCP(:) [23] and requires two orders of magnitude less heap memory [11]. We believe that this point will also
extend to parallel systems: as noted above, the &-Prolog system already supports stack-oriented parallel execution
together with arbitrary control dependencies, suspension, and dataflow synchronization via user-supplied
wait-declarations, all characteristics that CIAO inherits. This suggests that the dependence graphs and wait-declarations
of &-Prolog/CIAO can serve as a common intermediate language, and its runtime system can act as
an appropriate common low-level implementation, for a variety of parallel logic programming implementations.
We do not mean to suggest that the performance of such a system will be optimal for all possible logic programming
languages: our claim is rather that it will provide a way for researchers in the community to implement
their languages with considerably less effort than has been possible to date, and yet attain reasonably good
performance. We are currently exploring these points in collaboration with S. Debray.

3  Some  of  our  recent  work  in  this  context 

We  now  provide  an  overview  of  our  recent  work  in  filling  some  of  the  gaps  that,  in  our  understanding,  are 
missing  in  order  to  fulfill  the  objectives  outlined  in  the  previous  section. 

3.1  Parallelism  based  on  Non-Strict  Independence 

One  of  our  starting  steps  is  to  improve  the  independence-based  detection  of  parallelism  based  on  information 
that  can  be  obtained  from  global  analysis  using  the  current  state  of  the  art  in  abstract  interpretation.  We  have 
had a quite successful experience using this technique for detecting the classical notion of “strict” independence.
These results are summarized in [3], which compares the performance of several abstract interpretation domains
and parallelization algorithms using the &-Prolog compiler and system.

While these results are quite encouraging there is another notion of independence - “non-strict”
independence [18] - which ensures the same important “no slow down” properties as the traditional notion of strict
independence and allows considerably more parallelism than strict independence [33]. The support of non-strict
independence requires, however, a review of our compile-time parallelization technology which to date has been
exclusively based on strict independence. In [4] we describe some of our recent work filling this gap. Rules and
algorithms are provided for detecting and annotating non-strict independence at compile-time. We also propose
algorithms for combined compile-time/run-time detection, including run-time checks for this type of parallelism,
which in some cases turn out to be different from the traditional groundness and independence checks used for
strict independence. The approach is based on the knowledge of certain properties about run-time instantiations
of program variables - sharing, groundness, freeness, etc. - for which compile-time technology is available,
with new approaches being currently proposed. Rather than dealing with the analysis itself, we present how
the analysis results can be used to parallelize programs.

3.2  Parallelization  in  the  Presence  of  Constraints:  Independence  /  Stability 

In  the  CIAO-Prolog  system,  from  the  language  point  of  view,  we  assume  a  constraint-based,  non-deterministic 
logic programming language. As such, and apart from the concurrency/coroutining primitives, the user language
can be viewed as similar to Prolog when working on the Herbrand domain, and to systems such as CLP(R) or
CHIP  when  working  over  other  domains.  This  implies  that  the  traditional  notions  of  independence  /  stability 
need  to  be  evaluated  in  this  context  and,  if  necessary,  extended  to  deal  with  the  fact  that  constraint  solving  is 
occurring  in  the  actual  execution  in  lieu  of  unification. 

Previous work in the context of traditional Logic Programming languages has concentrated on defining
independence  in  terms  of  preservation  of  search  space,  and  such  preservation  has  then  been  achieved  by  ensuring 
that  either  the  goals  do  not  share  variables  (strict  independence)  or  if  they  share  variables,  that  they  do  not 
“compete”  for  their  bindings  (non-strict  independence). 

In [10] we have shown (in collaboration with Monash University) that a naive extrapolation of the traditional
notions of independence to Constraint Logic Programming is unsatisfactory (in fact, wrong) for two reasons.
First, because interaction between variables through constraints is more complex than in the case of logic
programming. Second, in order to ensure the efficiency of several optimizations not only must independence
of the search space be considered, but also an orthogonal issue - “independence of constraint solving.” We
clarify these issues by proposing various types of search independence and constraint solver independence, and
show how they can be combined to allow different independence-related optimizations, in particular parallelism.
Sufficient conditions for independence which can be evaluated “a-priori” at run-time and are easier to identify
at compile-time than the original definitions, are also proposed. Also, it has been shown how the concepts
proposed, when applied to traditional Logic Programming, render the traditional notions and are thus a strict
generalization of such notions.

3.3 Extending Global Analysis Technology to CLP

As mentioned before, since many optimizations, including independence / stability detection, are greatly aided
by (and sometimes even require) global analysis, traditional global analysis techniques have to be extended
to deal with the fact that constraint solving is occurring in the actual execution in lieu of unification. In [9]
we present and illustrate with an implementation a practical approach to the dataflow analysis of programs
written in constraint logic programming (CLP) languages using abstract interpretation. We argue that, from
the framework point of view, it suffices to propose quite simple extensions to traditional analysis methods which
have already been proved useful and practical and for which efficient fixpoint algorithms have been developed.
This is shown by proposing a simple but quite general extension to the analysis of CLP programs of Bruynooghe’s
traditional framework, and describing its implementation - the “PLAI” system. As the original, the framework
is parametric and we provide correctness conditions to be met by the abstract domain related functions to be
provided. In this extension constraints are viewed not as “suspended goals” but rather as new information in
the store, following the traditional view of CLP. Using this approach, and as an example of its use, a complete,
constraint system independent, abstract analysis is presented for approximating definiteness information. The
analysis is in fact of quite general applicability. It has been implemented and used in the analysis of CLP(R)
and Prolog-III applications. Results from this implementation are also presented which show good efficiency
and accuracy for the analysis.

This  framework,  combined  with  the  ideas  of  [10]  (and  [29])  presented  in  the  previous  section,  is  the  basis 
for  our  current  development  of  automatic  parallelization  tools  for  CLP  programs,  and,  in  particular,  of  the 
parallelizer for the CIAO-Prolog system.

3.4  Extending  Global  Analysis  Technology  for  Explicit  Concurrency 

Another  step  that  has  to  be  taken  in  adapting  current  compile-time  technology  to  CIAO  systems  is  to  develop 
global  analysis  technology  which  can  deal  with  the  fact  that  the  new  computation  rules  allow  the  specification 
of  concurrent  executions.  While  there  have  been  many  approaches  proposed  in  the  literature  to  address  this 
problem, in a first approach we focus on a class of languages (which includes modern Prologs with delay
declarations)  which  provide  both  sequential  and  concurrent  operators  for  composing  goals.  In  this  approach 
we  concentrate  on  extending  traditional  abstract  interpretation  based  global  analysis  techniques  to  incorporate 
these  new  computation  rules.  This  gives  a  practical  method  for  analyzing  (constraint)  logic  programming 
languages  with  (explicit)  dynamic  scheduling  policies,  which  is  at  the  same  time  equally  powerful  as  the  older 
methods  for  traditional  programs. 

We have developed, in collaboration with the University of Melbourne, a framework for global dataflow
analysis of this class of languages [28]. First, we give a denotational semantics for languages with dynamic
scheduling which provides the semantic basis for our generic analysis. The main difference with denotational
definitions for traditional Prolog is that sequences of delayed atoms must also be abstracted and are included in
“calls” and “answers.” Second, we give a generic global dataflow analysis algorithm which is based on the
denotational semantics. Correctness is formalized in terms of abstract interpretation. The analysis gives information
about call arguments and the delayed calls, as well as implicit information about possible call schedulings at
runtime. The analysis is generic in the sense that it has a parametric domain and various parametric functions.
Finally, we demonstrate the utility and practical importance of the dataflow analysis algorithm by presenting
and implementing an example instantiation of the generic analysis which gives information about groundness
and freeness of variables in the delayed and actual calls. Some preliminary test results are included in which
the information provided by the implemented analyzer is used to reduce the overhead of dynamic scheduling by
removing unnecessary tests for delaying and awakening, to reorder goals so that atoms are not delayed, and to
recognize calls which are “independent” and so allow the program to be run in parallel.

3.5  Granularity  Analysis 

While  logic  programming  languages  offer  a  great  deal  of  scope  for  parallelism,  there  is  usually  some  overhead 
associated  with  the  execution  of  goals  in  parallel  because  of  the  work  involved  in  task  creation  and  scheduling. 
In  practice,  therefore,  the  “granularity”  of  a  goal,  i.e.  an  estimate  of  the  work  available  under  it,  should  be  taken 
into  account  when  deciding  whether  or  not  to  execute  a  goal  in  parallel  as  a  separate  task.  Building  on  the  ideas 
first  proposed  in  [13]  we  describe  in  [25]  a  proposal  for  an  automatic  granularity  control  system,  which  is  based 
on an accurate granularity analysis and program transformation techniques. The proposal covers granularity
control of both and-parallelism and or-parallelism. The system estimates the granularities of goals at compile
time,  but  they  are  actually  evaluated  at  runtime.  The  runtime  overhead  associated  with  our  approach  is  usually 
quite  small,  and  the  performance  improvements  resulting  from  the  incorporation  of  grain  size  control  can  be 
quite  good.  Moreover  a  static  analysis  of  the  overhead  associated  with  granularity  control  process  is  performed 
in  order  to  decide  its  convenience. 

The  method  proposed  requires  among  other  things  knowing  the  size  of  the  terms  to  which  program  variables 
are  bound  at  run-time  (something  which  is  useful  in  a  class  of  optimizations  which  also  include  recursion 
elimination).  Such  size  is  difficult  to  even  approximate  at  compile  time  and  is  thus  generally  computed  at 
run-time  by  using  (possibly  predefined)  predicates  which  traverse  the  terms  involved.  In  [26]  we  propose  a 
technique  based  on  program  transformation  which  has  the  potential  of  performing  this  computation  much 
more efficiently. The technique is based on finding program procedures which are called before those in which
knowledge  regarding  term  sizes  is  needed  and  which  traverse  the  terms  whose  size  is  to  be  determined,  and 
transforming  such  procedures  so  that  they  compute  term  sizes  “on  the  fly”.  We  present  a  systematic  way 
of  determining  whether  a  given  program  can  be  transformed  in  order  to  compute  a  given  term  size  at  a  given 
program  point  without  additional  term  traversal.  Also,  if  several  such  transformations  are  possible  our  approach 
allows  finding  minimal  transformations  under  certain  criteria.  We  also  discuss  the  advantages  and  applications 
of  our  technique  and  present  some  performance  results. 

3.6 Memory Management and Scheduling in Non-deterministic And-parallel Systems

From our experience with the &-Prolog system implementation [17], the results from the DDAS simulator [32],
and from informal conversations with the Andorra-I developers, efficient memory management in systems which
exploit and-parallelism is a problem for which current solutions are not completely satisfactory. This appears to
be specially the case with and-parallel systems which support don’t-know nondeterminism or deep guards. We
believe non-deterministic and-parallel schemes to be highly interesting in that they present a relatively general
set of problems to be solved (including most of those encountered in the memory management of or-parallel
only systems) and have chosen to concentrate on their study.

In  collaboration  with  U.  of  Bristol,  we  have  developed  a  distributed  stack  memory  management  model  which 
allows  flexible  scheduling  of  goals.  Previously  proposed  models  are  lacking  in  that  they  impose  restrictions  on 
the  selection  of  goals  to  be  executed  or  they  may  require  a  large  amount  of  virtual  memory.  Our  measurements 
imply  that  the  above  mentioned  shortcomings  can  have  significant  performance  impacts,  and  that  the  extension 
that  we  propose  of  the  “Marker  Model”  allows  flexible  scheduling  of  goals  while  keeping  (virtual)  memory 
consumption  down.  We  also  discuss  methods  for  handling  forward  and  backward  execution,  cut,  and  roll  back. 
Also,  we  show  that  the  mechanism  proposed  for  flexible  scheduling  can  be  applied  to  the  efficient  handling  of 
the  very  general  form  of  suspension  that  can  occur  in  systems  which  combine  several  types  of  non-deterministic 
and-parallelism and advanced computation rules, such as PNU-Prolog [30], IDIOM [16], DDAS [32], AKL [20],
and,  in  general,  those  that  can  be  seen  as  an  instantiation  of  the  extended  Andorra  model  [40].  Thus,  we  believe 
that  the  results  may  be  applicable  to  a  whole  class  of  and-  and  or-parallel  systems.  Our  solutions  and  results 
are  described  more  fully  in  [34]. 

3.7  Incorporating  Or-Parallelism:  The  ACE  Approach 

Another important issue is the incorporation of Or-parallelism to an and-parallel system. This implies well
known problems related to or-parallelism itself, such as the maintenance of several binding environments, as
well as new problems such as the interactions of the multiplicity of binding environments and threads of
or-parallel computation with the scoping and memory management requirements of and-parallelism. The stack
copying approach, as exemplified by the MUSE system, has been shown to be a quite successful alternative for
representing multiple environments during or-parallel execution of logic programs. In collaboration with the U.
of New Mexico and U. of Bristol we have developed an approach for parallel implementation of logic programs,
described more fully in [15], which we believe is capable of exploiting both or-parallelism and independent
and-parallelism (as well as other types of and-parallelism) in an efficient way using stack copying ideas. This
model combines such ideas with proven techniques in the implementation of independent and-parallelism, such
as those used in &-Prolog. We show how all solutions to non-deterministic and-parallel goals are found without
repetitions. This is done through re-computation as in Prolog (and &-Prolog), i.e., solutions of and-parallel
goals are not shared. We propose a scheme for the efficient management of the address space in a way that
is compatible with the apparently incompatible requirements of both and- and or-parallelism. This scheme
allows incorporating and combining the memory management techniques used in (non-deterministic) and-parallel
systems, such as those mentioned in the previous section, and memory management techniques of or-parallel
systems, such as incremental copying. We also show how the full Prolog language, with all its extra-logical
features, can be supported in our and-or parallel system so that its sequential semantics is preserved. The resulting
system retains the advantages of both purely or-parallel systems as well as purely and-parallel systems. The
stack copying scheme together with our proposed memory management scheme can also be used to implement
models that combine dependent and-parallelism and or-parallelism, such as Andorra and Prometheus.

Abstract

Oz is an attempt to create a high-level concurrent programming language providing the
problem solving capabilities of logic programming (i.e., constraints and search). Its
computation model can be seen as a rather radical extension of the concurrent constraint model
providing for higher-order programming, deep guards, state, and encapsulated search. This
paper focuses on the most recent extension, a higher-order combinator providing for
encapsulated search. The search combinator spawns a local computation space and resolves
remaining choices by returning the alternatives as first-class citizens. The search
combinator allows to program different search strategies, including depth-first, indeterministic
one solution, demand-driven multiple solution, all solutions, and best solution (branch
and bound) search. The paper also discusses the semantics of integer and finite domain
constraints in a deep guard computation model.


1  Introduction 

Oz [2, 7, 6, 1] is an attempt to create a high-level concurrent programming language providing
the problem solving capabilities of logic programming (i.e., constraints and search). Its
computation model can be seen as a rather radical extension of the concurrent constraint model [5]
providing for higher-order programming, deep guards, state, and encapsulated search. This
paper focuses on the most recent extension, a higher-order combinator providing for encapsulated
search. The search combinator spawns a local computation space and resolves remaining choices
by returning the alternatives as first-class citizens. The search combinator allows to program
different search strategies, including depth-first, indeterministic one solution, demand-driven
multiple solution, all solutions, and best solution (branch and bound) search. The paper also
discusses the semantics of integer and finite domain constraints in a deep guard computation
model, which is an interesting issue since these constraints cannot be realized with their
declarative semantics (due to intractability and even undecidability of satisfiability and entailment).

The idea behind our search combinator is simple and new. It exploits the fact that Oz is a
higher-order language. The search combinator is given an expression E and a variable x (i.e.,
a predicate x/E) with the idea that E (which declaratively reads as a logic formula) is to be
solved for x. The combinator spawns a local computation space for E, which evolves until it
fails or becomes stable (a property known from AKL). If the local computation space evolves
to a stable expression (A ∨ B) ∧ C, the two alternatives are returned as predicates:

x/(A ∨ B) ∧ C  →  x/A ∧ C,  x/B ∧ C.

If  the  local  computation  space  evolves  to  a  stable  expression  C  not  containing  a  distributable 
disjunction,  it  is  considered  solved  and  the  predicate  x/C  is  returned. 

We  now  relate  Oz  to  AKL  and  cc(FD),  two  first-order  concurrent  constraint  programming 
languages  having  important  aspects  in  common  with  Oz. 

AKL  [3]  is  a  deep  guard  language  aiming  like  Oz  at  the  integration  of  concurrent  and  logic 
programming.  AKL  can  encapsulate  search.  AKL  admits  distribution  of  a  nondeterminate 
choice in a local computation space spawned by the guard of a clause when the space has become
stable  (a  crucial  control  condition  we  have  also  adopted  in  Oz).  In  AKL,  search  alternatives  are 
not  available  as  first-class  citizens.  All  solutions  search  is  provided  through  an  extra  primitive. 
Best  solution  and  demand-driven  multiple  solution  search  are  not  expressible. 

cc(FD)  [8]  is  a  constraint  programming  language  specialized  for  finite  domain  constraints. 
It  employs  a  Prolog-style  search  strategy  and  three  concurrent  constraint  combinators  called 
cardinality,  constructive  disjunction,  and  blocking  implication.  It  is  a  compromise  between  a  flat 
and  a  deep  guard  language  in  that  combinators  can  be  nested  into  combinators,  but  procedure 
calls  (and  hence  nondeterminate  choice)  cannot.  Encapsulated  best  solution  search  is  provided 
as a primitive, but its control (e.g., stability) is left unspecified.

The paper is organized as follows. Section 2 gives an informal presentation of Oz’s
computation model, and Section 3 relates Oz to logic programming by means of examples. Section 4
shows how encapsulated and demand-driven search can be integrated into a reactive language.
Section 5 presents the search combinator, and Section 6 shows how the search strategies
mentioned above can be programmed with it. Section 7 discusses how integer and finite domain
constraints are accommodated in Oz. Section 8 puts everything together by showing how the
N-Queens problem can be solved in Oz.

2  Computation  Spaces,  Actors,  and  Blackboards 

The computation model underlying Oz generalizes the concurrent constraint model (CC) [5] by
providing for higher-order programming, deep guard combinators, and state. Deep guard
combinators introduce local computation spaces, as in the concurrent constraint language AKL [3].
Recall that there is only one computation space in CC.

In  [6]  we  give  a  formal  model  of  computation  in  Oz,  consisting  of  a  calculus  rewriting 
expressions modulo a structural congruence relation, similar to the setup of the π-calculus [4].
For  the  purposes  of  this  paper,  an  informal  presentation  of  Oz’s  computation  model,  ignoring 
state,  will  suffice. 

A computation space consists of a number of actors* connected to a blackboard.

[Figure: several actors, each connected to a common blackboard.]

The  actors  read  the  blackboard  and  reduce  once  the  blackboard  contains  sufficient  information. 
The information on the blackboard increases monotonically. When an actor reduces, it may
put  new  information  on  the  blackboard  and  create  new  actors.  As  long  as  an  actor  does  not 
reduce,  it  does  not  have  an  outside  effect.  The  actors  of  a  computation  space  are  short-lived: 
once  they  reduce  they  disappear.  Actors  may  spawn  local  computation  spaces. 

The blackboard stores a constraint (constraints are closed under conjunction, hence one
constraint suffices) and a number of named abstractions (to be explained later). Constraints
are formulas of first-order predicate logic with equality that are interpreted in a fixed
first-order structure called the Oz Universe. For the purposes of this paper it suffices to know
that the Oz Universe provides rational trees (as in Prolog II) and integers. The constraint on
the blackboard is always satisfiable in the Oz Universe. We say that a blackboard entails a
constraint ψ if the implication φ → ψ is valid in the Oz Universe, where φ is the constraint
stored on the blackboard. We say that a blackboard is consistent with a constraint ψ if the
conjunction φ ∧ ψ is satisfiable in the Oz Universe, where φ is the constraint stored on the
blackboard. Since the constraint on the blackboard can only be observed through entailment
and consistency testing, it suffices to represent it modulo logical equivalence.

*Oz’s actors are different from Hewitt’s actors. We reserve the term agent for longer-lived computational
activities enjoying persistent and first-class identity.

There are several kinds of actors. This section will introduce elaborators, conditionals, and
disjunctions.

An  elaborator  is  an  actor  executing  an  expression.  The  expressions  we  will  consider  in  this 
section  are  defined  as  follows: 

E ::= φ | E1 E2 | local x in E end
    | proc {x y1 ... yn} E end | {x y1 ... yn}
    | if C1 [] ... [] Cn else E fi | or C1 [] ... [] Cn ro
C ::= E1 then E2 | x1 ... xn in E1 then E2

Elaboration of a constraint φ checks whether φ is consistent with the blackboard. If this is
the case, φ is conjoined to the constraint on the blackboard; otherwise, the computation space
is marked failed and all its actors are cancelled. Elaboration of a constraint corresponds to the
eventual tell operation of CC.

Elaboration of a concurrent composition E1 E2 creates two separate elaborators for E1
and E2.

Elaboration of a variable declaration local x in E end creates a new variable (local to the
computation space) and an elaborator for the expression E. Within the expression E the new
variable is referred to by x. Every computation space maintains a finite set of local variables.

Elaboration of a procedure definition proc {x y1 ... yn} E end chooses a fresh name a, writes
the named abstraction a: y1 ... yn/E on the blackboard, and creates an elaborator for the
constraint x = a. Names are constants denoting pairwise distinct elements of the Oz Universe;
there are infinitely many. Since abstractions are associated with fresh names when they are
written on the blackboard, a name cannot refer to more than one abstraction.

Elaboration of a procedure application {x y1 ... yn} waits until the blackboard entails x = a
and contains a named abstraction a: x1 ... xn/E, for some name a. When this is the case, an
elaborator for the expression E[y1/x1 ... yn/xn] is created (E[y1/x1 ... yn/xn] is obtained from
E by replacing the formal arguments x1,...,xn with the actual arguments y1,...,yn).

This simple treatment of procedures provides for all higher-order programming techniques.
By making variables denote names rather than higher-order values, we obtain a smooth
combination of first-order constraints with higher-order programming.

The  elaboration  of  conditional  expressions  is  more  involved.  We  first  consider  the  special 
case  of  a  one  clause  conditional  with  flat  guard. 

Elaboration of if φ then E1 else E2 fi creates a conditional actor, which waits until the
blackboard entails either φ or ¬φ. If the blackboard entails φ [¬φ], the conditional actor
reduces to an elaborator for E1 [E2]. In CC, such a conditional can be expressed as a parallel
composition (ask φ → E1) || (ask ¬φ → E2) of two ask clauses.

Elaboration of a conditional expression if C1 [] ... [] Cn else E fi creates a conditional actor
spawning a local computation space for each clause Ci. A clause takes the form

x1 ... xk in E then D

where the local variables x1,...,xk range over both the guard E and the body D of the clause.
We speak of a deep guard if E is not a constraint. In Oz, any expression can be used as a guard.
This is similar to AKL and in contrast to CC, where guards are restricted to constraints. The
local computation space for a clause

x in E then D

(clauses with no or several local variables are dealt with similarly) is created with an empty
blackboard and an elaborator for the expression local x in E end.

Constraints from the global blackboard (the blackboard of the computation space the
conditional actor belongs to) are automatically propagated to local spaces by elaborating them
in the local spaces (propagation of global constraints can fail local spaces). Moreover, named
abstractions from global blackboards are copied to local blackboards (conflicts cannot occur).

We say that a clause of a conditional actor is entailed if its associated computation space
S is not failed, S has no actors left, and the global board entails ∃y φ, where y are the local
variables of S and φ is the constraint of the blackboard of S. Entailment of a local space is a
stable property (i.e., it remains to hold when computation proceeds).

A  conditional  actor  must  wait  until  either  one  of  its  clauses  is  entailed  or  all  its  clauses  (i.e., 
their  associated  local  spaces)  are  failed. 

If all clauses of a conditional actor if C1 [] ... [] Cn else E fi are failed, the conditional actor
reduces to an elaborator for the expression E (the else constituent of the conditional).

If a clause xi in Ei then Di of a conditional actor is entailed, the other clauses and their
associated  spaces  are  discarded,  the  space  associated  with  the  entailed  clause  is  merged  with 
the  global  space  (conflicts  cannot  occur),  and  the  conditional  actor  reduces  to  an  elaborator 
for  Di  (the  body  of  the  clause). 

Elaboration of a disjunctive expression or C1 [] ... [] Cn ro creates a disjunctive actor
spawning a local computation space for every clause C1, ..., Cn. The local spaces are created in the
same  way  as  for  conditionals.  As  with  conditional  clauses,  constraints  and  named  abstractions 
from  the  global  blackboard  are  automatically  propagated  to  local  blackboards. 

A  disjunctive  actor  must  wait  until  all  but  possibly  one  of  its  clauses  are  failed,  or  until  a 
clause whose body is the trivial constraint true is entailed. In the latter case, the disjunctive
actor just disappears (justified by the equivalence A ∧ (A ∨ B) = A). If all clauses of a disjunctive
actor  are  failed,  the  space  of  the  disjunctive  actor  is  failed  (i.e.,  all  its  actors  are  cancelled). 
If  all  but  one  clause  of  a  disjunctive  actor  are  failed,  it  reduces  with  the  unfailed  clause.  This 
is  done  in  two  steps.  First,  the  space  associated  with  the  unfailed  clause  is  merged  with  the 
global  space,  and  then  an  elaborator  for  the  body  of  the  clause  is  created.  The  merge  of  the 
local  with  the  global  space  may  fail  because  the  local  constraint  may  be  inconsistent  with  the 
global  constraint.  In  this  case  the  global  space  will  be  failed. 

3 Example: Length of Lists

This  section  clarifies  how  Oz  relates  to  logic  programming  and  Prolog. 

The  Horn  clauses 

length(nil,0)

length(X|Xr, s(M)) ← length(Xr,M)

define a predicate length(Xs,N) that holds if Xs is a list of length N. Numbers are represented
as trees 0, s(0), s(s(0)), ..., and lists as trees t1|...|tn|nil. The intended semantics of the
clauses is captured by the equivalence

length(Xs,N) ↔ Xs = nil ∧ N = 0
             ∨ ∃X,Xr,M (Xs = X|Xr ∧ N = s(M) ∧ length(Xr,M)),

which is obtained from the Horn clauses by Clark's completion. The equivalence exhibits the
relevant primitives and combinators of logic programming: constraints (i.e., Xs=nil), conjunction,
existential quantification, disjunction, and definition by equivalence. Given the equivalence, it
is easy to define the length predicate in Oz:

proc {Length Xs N}
   or Xs=nil N=0 then true
   [] X Xr M in Xs=X|Xr N=s(M) then {Length Xr M}
   ro
end

There  are  two  things  that  need  explanation.  First,  the  predicate  is  now  referred  to  by  a  variable 
Length,  as  to  be  expected  in  a  higher-order  language.  Second,  the  two  disjunctive  clauses  have 
been  divided  into  guards  and  bodies.  The  procedure  application  {Length  Xr  M}  is  put  into  the 
body  to  obtain  a  terminating  operational  semantics. 

To  illustrate  the  operational  semantics  of  Length,  assume  that  the  procedure  definition  has 
been  elaborated.  Now  we  enter  the  expression 

declare  Xs  N  in  {Length  Xs  N} 

whose  elaboration  declares  two  new  variables  Xs  and  N  and  reduces  the  procedure  application 
{Length  Xs  N}  to  a  disjunctive  actor.  The  declare  expression  is  a  variant  of  the  local  expression 
whose  scope  extends  to  expressions  the  programmer  enters  later.  The  disjunctive  actor  cannot 
reduce  since  there  is  no  information  about  the  variables  Xs  and  N  on  the  global  blackboard. 
It  now  becomes  clear  why  we  did  not  write  the  recursive  procedure  application  {Length  Xr  M} 
into  the  guard:  this  would  have  caused  divergence. 

Now we enter the constraint (_ is a variable occurring only once)

N = s(s(_))

Since N = s(s(_)) is inconsistent with the constraint N=0 on the local blackboard, the first
clause of the suspended disjunctive actor can now be failed and the disjunctive actor can reduce
with its second clause. This will elaborate the recursive application {Length Xr M} and create
a new disjunctive actor whose first clause fails immediately. This will create once more a new
disjunctive actor, which this time cannot reduce. The global blackboard now entails

Xs = _|_|_  N = s(s(_))

Next we enter the constraint

Xs = 1|2|nil

whose elaboration fails the second clause of the suspended disjunctive actor (since x = nil is
inconsistent with x = y|z). Hence the suspended actor reduces with its first clause, no new
disjunctive actor is created, and the blackboard finally entails

Xs = 1|2|nil  N = s(s(0))

The example illustrates important differences between Oz and Prolog: if there are
alternatives (specified by the clauses of disjunctions or conditionals), Oz explores the guards of the
alternatives concurrently. Only once it is safe to commit to an alternative (e.g., because all
other alternatives are failed or because the guard of a conditional clause is entailed), Oz will
commit to it. In contrast, Prolog will eagerly commit to the first alternative if a choice is to be
made, and backtrack if necessary.

A  sublanguage  of  Oz  enjoys  a  declarative  semantics  such  that  computation  amounts  to 
equivalence  transformation  [6].  The  declarative  semantics  of  a  conditional 

if x in E1 then E2 else E3 fi

with only one clause is

∃x(E1 ∧ E2) ∨ (¬∃x E1 ∧ E3).

Hence Oz can express negation ¬E as if E then false else true fi.

The length predicate can also be defined in a functional manner using a conditional:

proc {Length Xs N}
   if Xs=nil then N=0
   [] X Xr M in Xs=X|Xr then N=s(M) {Length Xr M}
   else false fi
end

While the functional version has the same declarative reading as the disjunctive formulation, its
operational semantics is different in that it will wait until information about its first argument
is available. Thus

declare Xs N in N=s(s(0)) {Length Xs N}

will create a suspending conditional actor and not write anything on the global blackboard. On
the other hand,

declare Xs N in Xs=_|_|nil {Length Xs N}

will write N=s(s(0)) on the global blackboard (although there is only partial information
about Xs).

Oz  supports  functional  syntax;  the  functional  version  of  the  length  predicate  can  equivalently 
be  written  as: 

fun {Length Xs}
   case Xs of nil then 0
   [] X|Xr then s({Length Xr})
   end
end

4  Encapsulated  and  Demand-driven  Search 

Given the length predicate of the previous section, Prolog allows one to enumerate all pairs Xs, N
such that length(Xs,N) is satisfied. This service can be obtained in Oz in a more flexible form.
Oz  provides  search  agents  that  can  be  given  queries  and  be  prompted  for  answers.  These  search 
agents  take  the  form  of  objects,  the  basic  concurrency  abstraction  of  Oz. 

An object is a procedure O taking a message M as argument. It encapsulates a reference to
a data structure acting as the state of the object. A procedure application {O M} (the object
is applied to the message) first competes for exclusive access to the object's state (necessary in
a concurrent setting) and then applies the method requested by the message:

method: state × message → state.

This  yields  a  new  state  which  is  released.  The  message  indicates  the  method  to  be  applied  by 
a  name  that  is  mapped  to  the  actual  method  by  the  object  itself  (so-called  late  binding). 

Objects  can  be  expressed  in  the  computation  model  outlined  in  Section  2  if  one  further 
primitive,  called  constraint  communication,  is  added.  Oz’s  higher-order  programming  facilities 
make it straightforward to obtain multiple inheritance of methods. For more information about
objects  in  Oz  we  refer  the  reader  to  [7,  2,  1]. 

Now  suppose  Search  is  a  search  object  as  outlined  above  (any  number  of  search  objects  can 
be  created  by  inheritance  from  a  predefined  search  object).  First,  we  present  it  a  query  using 
the  method  query: 

local Q in
   proc {Q A} local Xs N in A=Xs#N {Length Xs N} end end
   {Search query(Q)}
end

The query is specified by a unary predicate, so that solutions can be computed uniformly for
one variable. Since we have existential quantification and pairing, this is no loss of generality.
Using functional notation, we can write the above expression more conveniently as

{Search query(proc {A} local Xs N in A=Xs#N {Length Xs N} end end)}

Now we can request computation of the first solution by sending the message

{Search next}

which will produce the pair nil#0. Sending next (i.e., elaborating {Search next}) once more will
produce (_|nil)#s(0), and so on. What happens when a solution is found can be specified
by sending Search the message action(P), where P is a unary procedure to be applied to every
solution found. The procedure P may, for instance, display solutions in a window or send them
to other objects.

We  remark  that  Prolog  provides  demand-driven  search  at  the  user  interface,  but  not  at  the 
programming  level.  Aggregation  in  Prolog  (i.e.,  bagof)  is  eager  and  will  diverge  if  there  are 
infinitely  many  solutions.  In  Oz,  we  can  have  any  number  of  search  objects  at  the  same  time 
and  request  solutions  as  required. 

5  Solvers 

We now introduce solvers, which are higher-order actors providing for encapsulated search.
Many  different  search  strategies  can  be  programmed  with  solvers,  ranging  from  demand-driven 
depth-first  (as  exemplified  by  the  search  object  in  the  previous  section)  to  best  solution  (branch 
and  bound)  strategies. 

The key idea behind search in Oz is to exploit the distributivity law and proceed from
(A ∨ B) ∧ C to A ∧ C and B ∧ C. While Prolog commits to A ∧ C first and considers B ∧ C only
upon backtracking, Oz makes both alternatives available as first-class citizens. To do this, the
variable being solved for must be made explicit and abstracted from in the alternatives. For
instance, if or x = 1 [] x = 2 ro is being solved for x, distribution will produce the abstractions
proc {x} x = 1 end and proc {x} x = 2 end.

Solvers are created by elaboration of solve expressions

solve[x: E; u]

where x (the variable being solved for) is a local variable taking the expression E as scope.
The variable u provides for output. The solver created by elaboration of the above expression
spawns a local computation space for the expression

local x in E end

As  with  other  local  computation  spaces,  constraints  and  named  abstractions  are  propagated 
from  global  blackboards  to  the  local  blackboards  of  solvers. 

A solver can reduce if its local computation space is either failed or stable. A local
computation space is called stable if it is blocked and remains blocked for every consistent extension of
the global blackboard. A computation space is called blocked if it is not failed and none of its
actors can reduce. Stability is known from AKL [3], where it is used to control nondeterministic
promotion. Note that a local computation space is entailed if and only if it is stable and has
no actor left.

If  the  local  computation  space  of  a  solver  has  failed,  the  solver  reduces  to  an  elaborator  for 
the  constraint  (u  is  the  output  variable) 


u  =  failed. 

If the local computation space of a solver is stable and does not contain a disjunctive actor,
the solver reduces to an elaborator for

u = solved(proc {x} F end)

where F is an expression representing the stable local computation space (the nested procedure
definition has been explained in the previous section).¹ Abstracting the solution with respect to
x is advantageous in case F does not fully determine x; for instance, if F is local z in x = f(z) end,
different applications will enjoy different local variables z. A less general way to return the
solution would be to reduce to an elaborator for u = solved(x) F.

If the local computation space of a solver is stable and contains a disjunctive actor
or C1 [] ... [] Cn ro, the solver reduces to an elaborator for

u = distributed(proc {x} or C1 ro F end  proc {x} or C2 [] ... [] Cn ro F end)

where F is an expression representing the stable local computation space after deletion of the
disjunctive actor. Requiring stability ensures that distribution is postponed until no other
reductions are possible. This is important since repeated distribution may result in combinatorial
explosion.

For combinatorial search problems it is often important to distribute the right disjunction
and try the right clause first. Oz makes the following commitments about order: clauses
are distributed according to their static order; solvers distribute the most recently created
disjunctive actor; and elaboration proceeds from left to right, where suspended actors that
become reducible are given priority (similar to Prologs with freeze). Taking the most recently
created disjunctive actor for distribution seems to be more expressive than taking the least
recently created one (see the first failure labeling procedure in Section 8).

Solvers  cannot  express  breadth-first  search  if  disjunctions  with  more  than  two  clauses  are 
used.  This  can  be  remedied  by  also  returning  the  number  of  remaining  clauses  when  a  disjunctive 
actor  is  distributed. 

Solve expressions are made available through a predefined procedure

proc {Solve P U} solve[X: {P X}; U] end


6  Search  Strategies 

We  start  with  a  function  taking  a  query  (i.e.,  a  unary  procedure)  as  argument  and  trying  to 
solve  it  following  a  depth-first  strategy: 

fun {Depth Q}
   local S = {Solve Q} in
      case S of distributed(L R) then
         case {Depth L} of solved(_)=T then T else {Depth R} end
      else S end
   end
end

If no solution is found (but search terminates), failed is returned. If a solution is found, solved(A)
is returned, where A is the abstracted solution. A procedure solving a query with Depth and
displaying the result can be written as follows:

proc {SolveAndBrowse Q}
   case {Depth Q} of failed then {Browse 'no solution found'}
   [] solved(A) then {Browse {A}}
   end
end

¹ The reader might be surprised by the fact that local computation spaces can be represented as expressions.
This is however an obvious consequence of the fact that Oz's formal model [6] models computation states as
expressions.

fun {One Q}
   local S = {Solve Q} in
      case S of distributed(L R) then
         if T in {One L}=solved(_)=T then T
         [] T in {One R}=solved(_)=T then T
         else failed fi
      else S end
   end
end

Figure 1: Parallel one solution search.

The search performed by Depth is sequential. Figure 1 shows an indeterministic search
function One that explores alternatives in parallel guards.² The use of deep parallel guards
provides a high potential for parallel execution.

Combinatorial optimisation problems (e.g., scheduling) often require best solution search.
Following  a  branch  and  bound  strategy,  this  can  be  done  as  follows:  once  a  solution  is  found, 
only  solutions  that  are  better  with  respect  to  a  total  order  are  searched  for.  With  every  better 
solution  found,  the  constraints  on  further  solutions  can  be  strengthened,  thus  pruning  the  search 
space. 


fun {Best Q R}
   local
      fun {BAB Fs Bs S}
         case Fs of nil then
            case Bs of nil then S
            [] B|Br then {BAB (proc {X} {R {S} X} {B X} end)|nil Br S}
            end
         [] F|Fr then
            case {Solve F} of failed then {BAB Fr Bs S}
            [] solved(T) then {BAB nil {Append Fr Bs} T}
            [] distributed(L R) then {BAB L|R|Fr Bs S}
            end
         end
      end
   in {BAB Q|nil nil failed} end
end


Figure  2:  Best  solution  search. 

Figure  2  shows  a  function  Best  searching  the  best  solution  of  a  query  Q  with  respect  to 
a  total  order  R  (a  binary  procedure).  The  local  function  BAB  takes  two  stacks  Fs  and  Bs  of 
alternatives  and  the  best  solution  found  so  far  as  arguments  (if  no  solution  has  been  found 
so  far,  failed  is  taken  as  last  argument)  and  returns  the  best  solution.  Alternatives  which  are 
already  constrained  to  produce  a  better  solution  than  S  reside  on  the  foreground  stack  Fs,  and 
the  remaining  alternatives  reside  on  the  background  stack  Bs.  If  the  foreground  stack  is  empty, 
an  alternative  B  from  the  background  stack  is  taken.  The  query  A  obtained  from  constraining 
B to solutions better than S (the best solution so far) is expressed as follows:

A = proc {X} {R {S} X} {B X} end

If a new and better solution is obtained, all nodes from the foreground stack are moved to the
background stack so that they will be correctly constrained before they are explored.

² This search function was suggested to us by Sverker Janson.

create Search from UrObject
   meth action(A) action←A end
   meth query(Q) stack←Q|nil end
   meth next
      case @stack of nil then {@action failed}
      [] N|Nr then
         case {Solve N} of failed then stack←Nr <<next>>
         [] solved(S) then stack←Nr {@action solved(S)}
         [] distributed(L R) then stack←L|R|Nr <<next>>
         end
      end
   end
end

Figure 3: Demand driven depth-first search.

The  program  in  Figure  3  defines  an  object  Search  realizing  the  functionality  described  in 
Section 4. The object must be initialized with messages query(Q) and action(A) fixing the
query  to  be  solved  and  the  action  to  be  taken  when  a  solution  is  found,  respectively.  The 
attribute  stack  stores  the  unexplored  alternatives.  If  a  solution  is  requested  with  the  method 
next,  the  alternatives  on  the  stack  are  explored  following  a  depth-first  strategy.  If  no  alternatives 
are  left  on  the  stack,  the  specified  action  is  applied  to  the  atom  failed. 

The search object illustrates object-oriented constraint programming in Oz. More
sophisticated search strategies, for instance iterated depth-first search, can be obtained by refining
Search using inheritance.

7  Integers  and  Finite  Domains 

An implementation of the presented computation model must come with efficient and
incremental algorithms for deciding satisfiability and entailment of constraints. This means that a
programming language must drastically restrict the constraints a programmer can actually use.
For instance, addition and multiplication of integers cannot be made available as purely
declarative constraints since satisfiability of conjunctions of such constraints is undecidable (Hilbert's
tenth problem).

The usual way to deal with this problem is to base the implementation on incomplete
algorithms for satisfiability and entailment (e.g., delay nonlinear arithmetic constraints until they
are linear). Consequently, constraints are not anymore fully characterized by their declarative
semantics, and the programmer must understand their operational semantics.

In  Oz,  we  make  a  distinction  between  basic  and  virtual  constraints.  Basic  constraints  are 
what  has  been  called  constraints  so  far.  Their  semantics  is  given  purely  declaratively  by  the 
Oz  Universe.  Oz  is  designed  such  that  the  programmer  can  only  write  basic  constraints  whose 
declarative semantics can be faithfully realized by the implementation (i.e., sound and
complete algorithms for satisfiability and entailment). Virtual constraints are procedures whose
operational  semantics  is  sound  but  incomplete  with  respect  to  the  declarative  semantics  of  the 
corresponding  logic  constraint.  A  typical  example  of  a  virtual  constraint  is  the  length  predicate 
for  lists  defined  in  Section  3. 

proc {'≤'' X Y}
   if {FdIn X Inf Sup} {FdIn Y Inf Sup} then
      local
         proc {LE Xl Xu Yl Yu}
            if X=Y then true
            [] Xu ≤ Yl then true
            [] {FdIn X Xl+1 Sup} then {FdIn Y Xl+1 Sup} {LE Xl+1 Xu Yl Yu}
            [] {FdIn X Inf Xu-1} then {LE Xl Xu-1 Yl Yu}
            [] {FdIn Y Yl+1 Sup} then {LE Xl Xu Yl+1 Yu}
            [] {FdIn Y Inf Yu-1} then {FdIn X Inf Yu-1} {LE Xl Xu Yl Yu-1}
            fi
         end
      in {LE Inf Sup Inf Sup} end
   else false fi
end

Figure 4: The virtual constraint X ≤' Y.

Most constraints expressible over the Oz Universe are only available through predefined
virtual constraints (i.e., with incomplete operational semantics). A typical example is addition
of integers, whose definition is as follows:

proc {'+' X Y Z}
   if int(X) int(Y) isdet[X] isdet[Y] then plus(X,Y,Z) else false fi
end

Here plus(X,Y,Z) is the basic constraint expressing integer addition (partial functions are
avoided by using relations), int(X) is the basic constraint expressing that X is an integer, and isdet[X]
creates an actor that disappears as soon as there is a constant a in the signature of the Oz
Universe such that X=a is entailed by the blackboard. Clearly, there is no difficulty in
implementing the virtual constraint {'+' X Y Z}. Moreover, its semantics is fully defined in terms
of the computation model outlined in Section 2 (extended with the isdet[X] actor, of course).
The virtual constraint

proc {IsInt X}
   if int(X) isdet[X] then true else false fi
end

will fail if the blackboard entails that X is no integer, and disappear (important for deep guards)
if there is an integer n such that the blackboard entails X=n.

A further example is the predefined virtual constraint

proc {'≤' X Y}
   if {IsInt X} {IsInt Y} then le(X,Y) else false fi
end

where le(X,Y) is the basic constraint expressing the canonical order on integers.

The predefined virtual constraint

proc {FdIn X L U}
   if {IsInt L} {IsInt U} then le(L,X) le(X,U) le(Inf,L) le(U,Sup) else false fi
end

makes it possible to constrain a variable X to a finite domain L..U (i.e., the value of X must be
an integer between L and U). The variables Inf and Sup are predefined by the implementation
and fix the maximal size of finite domains (i.e., there are only finitely many finite domains).
Another important predefined virtual constraint is

proc {FdNec X C}
   if {FdIn X Inf Sup} {IsInt C} then X ≠ C else false fi
end

whose declarative reading says that X is a finite domain variable different from C (X ≠ C is a
basic constraint).

Figure 4 shows the definition of a virtual constraint X ≤' Y enforcing domain consistency
for finite domain variables (the infix operators ≤, +, and - expand to applications of the
corresponding virtual constraints). For instance, elaboration of the expression

local X Y in
   {FdIn X 3 7} {FdIn Y 7 24}
   if X ≤' Y then {Browse yes} else {Browse no} fi
end

will reduce the conditional actor to {Browse yes}, and elaboration of

{FdIn X 3 7} {FdIn Y 7 24} Y ≤' X

will constrain X and Y to 7.
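The two elaborations above can be traced with a small bounds-propagation model. This is an added Python sketch, not the Oz implementation or code from the paper; the Blackboard class, its method names and the values chosen for Inf and Sup are assumptions made for the illustration.

```python
INF, SUP = 0, 1000   # assumed values; the paper leaves Inf and Sup to the implementation


class Blackboard:
    """Blackboard restricted to finite-domain bounds and imposed X <= Y constraints."""

    def __init__(self):
        self.bounds = {}      # variable name -> (lower, upper)
        self.le = []          # imposed (x, y) pairs meaning x <= y
        self.failed = False

    def _get(self, var):
        return self.bounds.setdefault(var, (INF, SUP))

    def fd_in(self, var, lo, hi):
        """Tell var in lo..hi, then wake up every imposed <= constraint."""
        cur_lo, cur_hi = self._get(var)
        self.bounds[var] = (max(lo, cur_lo), min(hi, cur_hi))
        self._propagate()

    def tell_le(self, x, y):
        """Impose x <= y as a persistent constraint (the role of the LE actor)."""
        self._get(x), self._get(y)
        self.le.append((x, y))
        self._propagate()

    def _propagate(self):
        changed = True
        while changed and not self.failed:
            changed = False
            for x, y in self.le:
                (xl, xu), (yl, yu) = self.bounds[x], self.bounds[y]
                new_x = (xl, min(xu, yu))     # X cannot exceed Y's upper bound
                new_y = (max(yl, xl), yu)     # Y cannot drop below X's lower bound
                if (new_x, new_y) != ((xl, xu), (yl, yu)):
                    self.bounds[x], self.bounds[y] = new_x, new_y
                    changed = True
            self.failed = any(lo > hi for lo, hi in self.bounds.values())

    def ask_le(self, x, y):
        """Guard check for x <= y: 'entailed', 'failed' or 'suspended'."""
        (xl, xu), (yl, yu) = self._get(x), self._get(y)
        if xu <= yl:
            return "entailed"
        if xl > yu:
            return "failed"
        return "suspended"


def conditional(board, x, y):
    """if X ≤' Y then yes else no fi; None means the actor stays suspended."""
    return {"entailed": "yes", "failed": "no"}.get(board.ask_le(x, y))


def trace():
    """Replay the two elaborations from the text on one blackboard."""
    b = Blackboard()
    b.fd_in("X", 3, 7)
    b.fd_in("Y", 7, 24)
    answer = conditional(b, "X", "Y")   # guard entailed because Xu = 7 <= Yl = 7
    b.tell_le("Y", "X")                 # Y ≤' X narrows both variables
    return answer, b.bounds["X"], b.bounds["Y"]


if __name__ == "__main__":
    print(trace())
```

With X in 3..7 and Y in 5..24 the same guard neither holds nor fails, so the conditional actor stays suspended until a later tell narrows one of the domains.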

With the outlined techniques we can formally define all finite domain constraints as virtual
constraints such that a faithful and efficient implementation is possible. To our knowledge, this
is the first formal semantics for finite domain constraints in a deep guard computation model.

To define heuristics such as first failure labeling (see next section), we need a reflective
primitive. The actor

reflect[x; y]

can reduce as soon as the blackboard constrains the variable x to a finite domain. It will then
reduce to an elaborator for the constraint

y = n1|...|nk|nil,

where n1|...|nk|nil is the shortest list in ascending order such that the blackboard entails the
constraint x = n1 ∨ ... ∨ x = nk. Note that the reflection actor is different from all other actors
in that its reduction may have different effect if it is postponed.

8  Example:  N-queens 

Figure 5 shows an Oz program solving the n-queens problem (place n queens on an n × n
chessboard such that no queen is attacked by another queen). The predicate {Queens N Xs} is
satisfied iff the list Xs represents a solution to the n-queens problem. The list Xs has length N,
where every element is an integer between 1 and N. The ith element of Xs specifies in which
row the queen in the ith column is placed. The solutions to the 100-queens problem, say, can
be obtained by providing the search object of Section 6 with the query

{Search query(proc {Xs} {Queens 100 Xs} end)}

The procedure {Consistent Xs Ys} iterates through the columns of the board, where Ys are
the columns already constrained and Xs are the columns still to be constrained. Since a queen
only imposes its constraints once it is determined (i.e., {IsInt X} can reduce), there are at most
N actors spawned before a distribution.

The  procedure  {Label  Xs}  labels  the  elements  of  Xs.  Different  labeling  strategies  are  possible. 
Figure  6  shows  a  labeling  procedure  realizing  the  first-fail  heuristic  (label  variables  with  fewest 
remaining  values  first).  The  procedure  FdSize  yields  the  number  of  values  still  possible  for  a 
finite domain variable, and FdMin yields the minimal value still possible. Both procedures can
be  expressed  with  the  reflection  actor  of  Section  7. 

local
   proc {NoAttack Xs Y I}
      case Xs of nil then true
      [] X|Xr then {FdNec X Y} {FdNec X Y+I} {FdNec X Y-I} {NoAttack Xr Y I+1}
      end
   end
   proc {Consistent Xs Ys}
      case Xs of nil then true
      [] X|Xr then
         if {IsInt X} then {NoAttack Xr X 1} {NoAttack Ys X 1} fi {Consistent Xr X|Ys}
      end
   end
   proc {Board I N Xs}
      if I=0 then Xs=nil
      else local X Xr in Xs=X|Xr {FdIn X 1 N} {Board I-1 N Xr} end fi
   end
in
   proc {Queens N Xs}
      {Board N N Xs}
      {Consistent Xs nil}
      {Label Xs}
   end
end

Figure 5: The n-queens problem.

After all determined elements of Xs have been dropped with the higher-order procedure
Filter, the remaining elements are sorted according to the current size of their domain. If X is
the variable with the smallest domain, the disjunction

or X=M then {Label Xr} [] {FdNec X M} then {Label X|Xr} ro

is created, where M is the minimal possible value for X, and Xr are the remaining variables to
be labeled.

Because of the use of the reflective procedures FdSize and FdMin, it is important that the
labeling procedure is elaborated only after all constraints have been propagated. This is ensured
by the fact that suspended actors are given priority once they become reducible, and that the
application of Label appears last. Since the most recently created disjunctive actor is distributed,
the latter ensures that the disjunctive actor created by the labeling procedure is distributed
even if there are further disjunctive actors (which is not the case in our example).


proc {Label Xs}
   case {Sort {Filter Xs proc {X} {FdSize X} > 1 end}
              proc {X Y} {FdSize X} < {FdSize Y} end}
   of nil then true
   [] X|Xr then
      local M={FdMin X} in
         or X=M then {Label Xr} [] {FdNec X M} then {Label X|Xr} ro
      end
   end
end


Figure  6:  First-failure  labeling. 
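
The solver protocol of Section 5, the Depth function and the Search object of Section 6, and the first-failure labeling above fit together as in the following added Python model (not the paper's Oz code). It assumes a space is a list of finite domains, one per column, and that solve returns tagged tuples; all function and class names are illustrative.

```python
def board(n):
    """{Board N N Xs}: one finite domain 1..n per column."""
    return [set(range(1, n + 1)) for _ in range(n)]


def propagate(doms):
    """Consistent/NoAttack: every determined queen removes its row and both
    diagonals from all other columns. Returns None for a failed space."""
    doms = [set(d) for d in doms]              # private copy of the space
    changed = True
    while changed:
        changed = False
        for i, di in enumerate(doms):
            if len(di) != 1:
                continue                       # constraints are imposed once X is determined
            (row,) = di
            for j, dj in enumerate(doms):
                if j == i:
                    continue
                dist = abs(i - j)
                attacked = dj & {row, row + dist, row - dist}
                if attacked:
                    dj -= attacked
                    changed = True
                    if not dj:
                        return None
    return doms


def solve(doms):
    """One solver step: ('failed',), ('solved', xs) or ('distributed', left, right)."""
    doms = propagate(doms)                     # distribute only once the space is stable
    if doms is None:
        return ("failed",)
    undetermined = [i for i, d in enumerate(doms) if len(d) > 1]
    if not undetermined:
        return ("solved", [min(d) for d in doms])
    x = min(undetermined, key=lambda i: len(doms[i]))    # first-fail: smallest domain
    m = min(doms[x])                                     # FdMin
    left = doms[:x] + [{m}] + doms[x + 1:]               # clause X = M
    right = doms[:x] + [doms[x] - {m}] + doms[x + 1:]    # clause X ≠ M
    return ("distributed", left, right)


def depth(space):
    """Depth of Section 6: sequential depth-first search for one solution."""
    s = solve(space)
    if s[0] == "distributed":
        t = depth(s[1])
        return t if t[0] == "solved" else depth(s[2])
    return s


class Search:
    """Search object of Figure 3: a stack of unexplored alternatives, advanced on demand."""

    def __init__(self, query):
        self.stack = [query]

    def next(self):
        while self.stack:
            s = solve(self.stack.pop(0))
            if s[0] == "solved":
                return s
            if s[0] == "distributed":
                self.stack[:0] = [s[1], s[2]]  # push L and R on top, L first
        return ("failed",)


def all_solutions(n):
    """Send next until the search object answers failed."""
    search, found = Search(board(n)), []
    while (s := search.next())[0] == "solved":
        found.append(s[1])
    return found


def is_solution(xs):
    return all(a != b and abs(a - b) != j - i
               for i, a in enumerate(xs) for j, b in enumerate(xs) if i < j)


if __name__ == "__main__":
    print(depth(board(8)))
    print(len(all_solutions(6)), "solutions for n = 6")
```

Because the two clauses X = M and X ≠ M partition the space, each solution is produced exactly once, and the caller decides how many times to ask for the next one.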
Remark

The Oz System and its documentation are available through anonymous ftp from
duck.dfki.uni-sb.de or through www at http://mni.dfki.ttni-8b.de/.

1 Introduction

We  present  in  an  informal  way  some  preliminary  results  on  the  investigation  of  efficient  compile-time 
techniques  for  Constraint  Logic  and  Concurrent  Constraint  Programming.  These  techniques  are  viewed 
as  source-to-source  program  transformations  between  the  two  programming  psuadigms  and  are  based  on  a 
concurrent  semantics  of  CC  programs  [MR91]. 

Previous  work  [BHd2]  showed  that  it  is  possible  to  perform  program  transformations  from  Prolog  to 
AKL^  [JH91],  allowing  the  latter  to  fully  exploit  the  Independent  And-Parallelism  (lAP)  [HR93]  present 
in  Prolog  programs.  When  extending  the  transformation  techniques  to  the  CLP  paradigm  [JL87,  Col90, 
VanH89],  some  issues  have  to  be  initially  solved.  First,  the  notion  of  independence  has  to  be  extended 
[GHM93].  Second,  compile-time  tools  based  on  the  extended  notions  have  to  be  developed  in  order  to 
capture  the  independence  of  goals,  allowing  such  transformation.  For  this  purpose  an  analysis  of  the 
programs  turns  out  to  be  needed. 

Our analysis will be based on a semantics [MR91] which, although originally intended for CC programming,
can be also applied to CLP, if suitably extended [BGHMR94]. Such semantics allows us to
capture the dependencies present in a CLP program at a finer level of granularity than ever proposed
to date in the literature. This provides the knowledge for performing a transformation of the program
which will force an execution-time scheduling of processes which preserves those dependencies. When the
transformed program is run in a concurrent environment, parallel execution of concurrent processes will
be exploited, except for the cases where an explicit ordering has been annotated at compile-time based on
the dependencies identified.

The same semantics can also be used to identify dependencies in CC programs. Based on such dependencies,
an analysis of parallel and sequential threads in the concurrent computation can be performed,
establishing the basis for a transformation into parallel CLP programs (with explicit dynamic scheduling).
A similar approach (although not based on program transformation) has recently been proposed in
[KS92], in which a static analysis of concurrent languages is proposed based on an algebraic construction
of execution trees from which dependencies are identified.

The  needed  extension  of  the  semantics  (for  dealing  with  CLP  instead  of  CC  programs)  is  non-trivial 
[BGHMR94].  In  fact,  it  consists  in  capturing  the  atomic  (instead  of  the  eventual)  interpretation  of  the  tell 
operation: constraints are added only if they are consistent with the current store. This implies the need
of  having  the  possibility  of  knowing  immediately  if  a  set  of  constraints  is  consistent  or  not.  Thus  it  may 
seem  that  the  semantics  construction  would  have  to  go  back  to  the  usual  notion  of  a  constraint  system  as 
a  black  box  which  can  answer  yes/no  questions  in  one  step  (which  is  what  is  most  generally  used  in  all  the 
semantics  other  than  [MR91]).  However,  this  is  not  really  true.  In  fact,  the  semantic  structure  still  shows 
all  the  atomic  entailment  steps  of  the  underlying  constraint  system,  thus  allowing  to  derive  the  correct 
dependencies  among  agents. 

* AKL is a CC language based on the Extended Andorra Model, which is able to exploit the determinate-goals-first principle
as well as various kinds of parallelism.
2  Independence  in  CLP

The general, intuitive notion of independence between goals is that the goals’ executions do not interfere
with each other, and do not change in any “observable” way. Observables include the solutions and/or the
time that it takes to compute them.

Previous  work  in  the  context  of  traditional  Logic  Programming  languages  [Con83,  DeG84,  HR93]  has 
concentrated  on  defining  independence  in  terms  of  preservation  of  search  space,  and  such  preservation  has 
then been achieved by ensuring that either the goals do not share variables (strict independence) or if they
share variables, that they do not “compete” for their bindings (non-strict independence).

Recently, the concept of independence has been extended to CLP [GHM93]. It has been shown that
search  space  preservation  is  no  longer  sufficient  for  ensuring  the  efficiency  of  several  optimizations  when 
arbitrary  CLP  languages  are  taken  into  account.  The  reason  is  that  while  the  number  of  reduction  steps 
will  certainly  be  constant  if  the  search  space  is  preserved,  the  cost  of  each  step  will  not;  modifying  the 
order  in  which  a  sequence  of  primitive  constraints  is  added  to  the  store  may  have  a  critical  influence  on 
the  time  spent  by  the  constraint  solver  algorithm  in  obtaining  the  answer,  even  if  the  resulting  constraint 
is  consistent  (in  fact,  this  issue  is  the  core  of  the  reordering  application  described  in  [MS92]).  This  implies 
that  optimizations  which  vary  the  intended  execution  order  established  by  the  user,  such  as  parallel  or 
concurrent execution, must also consider an orthogonal issue - independence of constraint solving - which
characterizes the properties of the constraint solver behavior when changing the order in which primitive
constraints are considered.


3  A  Concurrent  Semantics  for  CC  and  CLP 

Usually  the  semantics  of  CC  programs  [Sar89]  is  given  operationally,  following  the  SOS-style  operational 
semantics, and thus suffering from the typical pathologies of an interleaving semantics. On the other hand,
the  concurrent  semantics  approach  introduced  in  [MR91]  presents  a  non-monolithic  model  of  the  shared 
store  and  of  its  communication  with  the  agents,  in  which  the  behavior  of  the  store  and  that  of  the  agents 
can  be  uniformly  expressed  by  context-dependent  rewrite  rules  (i.e.  rules  which  have  a  left  hand  side,  a 
right  hand  side  and  a  context),  each  of  them  being  applicable  if  both  its  left  hand  side  and  its  context  are 
present  in  the  current  state  of  the  computation.  An  application  removes  the  left  hand  side  and  adds  the 
right hand side. In particular, the context is crucial in faithfully representing asked constraints, which are
checked  for  presence  but  not  affected  by  the  computation. 

From such rules a semantics structure is then obtained. Such structure is called a contextual net
[MR93]  and  it  is  constructed  by  starting  from  the  initial  agent  and  applying  all  rules  in  all  possible  ways. 
A  contextual  net  is  just  an  acyclic  Petri  net  where  the  presence  of  context  conditions,  besides  pre-  and 
post-conditions,  is  allowed.  In  a  net  obtained  from  a  CC  program,  transitions  are  labelled  by  the  rule 
applied  for  them. 

Three  relations  can  be  defined  on  the  items  (conditions  and  events)  of  the  obtained  net:  two  items  are 
concurrent  if  they  represent  objects  which  may  appear  together  in  a  computation  state,  they  are  mutually 
exclusive  if  they  represent  objects  which  can  not  appear  in  the  same  computation,  and  they  are  dependent 
if  they  represent  objects  which  may  appear  in  the  same  computation  but  in  different  computation  steps. 

For each computation of the CC program, the net provides a partial order expressing the dependency
pattern  among  the  events  of  the  computation.  As  a  result,  all  such  computations  are  represented  in  a 
unique  structure,  where  it  is  possible  to  see  the  maximal  degree  of  both  concurrency  (via  the  concurrency 
relation)  and  indeterminism  (via  the  mutual  exclusion  relation)  available  both  at  the  program  level  and  at 
the  underlying  constraint  system. 

Nevertheless,  such  semantics  is  not  able  to  handle  failure,  in  the  sense  of  detecting  inconsistencies 
generated  by  tell  operations,  since  constraints  are  added  without  any  consistency  check  (i.e.,  the  “eventual” 
interpretation  of  the  tell  operation  is  modelled).  We  extended  such  semantics  to  include  the  case  of  failure 
[BGHMR94].  We  showed  that  the  new  semantics  can  be  obtained  from  the  old  one  either  by  pruning  some 
parts  of  the  semantic  structure,  or  by  not  generating  them  at  all.  On  one  hand,  the  semantic  structure 
can  be  built  up  by  first  generating  the  net  as  before,  and  then  propagating  the  failure  information  through 
the  net  by  introducing  a  notion  of  mutual  inconsistency  between  items.  The  inconsistent  items  are  then 
pruned out. On the other hand, the net can be generated from scratch with a new computation rule for
the  semantics  which  takes  mutual  inconsistency  into  account. 

The  mutual  inconsistency  relation  extends  the  mutual  exclusion  relation,  in  the  sense  of  capturing  more 
objects  which  are  not  allowed  to  be  present  in  the  same  computation.  In  fact,  in  the  original  semantics, 
if  two  objects  were  mutually  exclusive,  they  could  not  be  present  in  the  same  deterministic  computation, 
even  at  different  computation  steps,  because  they  belonged  to  two  different  nondeterministic  (in  the  sense 
of  “don’t-care”  nondeterminism,  or  indeterministic)  branches  of  the  program  execution.  Now,  two  items 
exclude  one  another  also  when  they  are  mutually  inconsistent,  that  is,  when  they  represent  (or  generate) 
objects  which  are  inconsistent. 

When introducing an explicit representation for failure to the original semantics, what is achieved in
fact  is  a  faithful  model  for  capturing  backtracking.  In  other  words,  failing  branches  in  a  computation  are 
also  captured,  allowing  us  to  make  a  step  further  and  exchange  nondeterminism  for  indeterminism.  In  the 
extended  semantics,  two  different  branches  will  be  mutually  inconsistent  if  they  lead  to  failure.  Otherwise, 
if  they  are  mutually  exclusive,  they  will  represent  two  different  deterministic  computations  yielding  distinct 
solutions,  i.e.,  a  nondeterministic  choice. 

Thus the new semantics, although originally intended for CC programs, can be used also for describing
the  behavior  of  (pure)  CLP  programs.  The  only  difference  is  the  interpretation  of  the  mutual  exclusion 
relation,  which  expresses  indeterminism  when  applied  to  CC  programs,  and  nondeterminism  when  applied 
to  CLP  programs. 

4  Local  Independence  and  CLP  Parallelization 

The  semantics  obtained  above,  while  being  maximally  parallel,  could  be  very  inefficient  if  implemented 
directly  as  an  operational  model  for  CLP.  One  reason  for  this  is  that  branches  of  the  search  tree  may 
be  explored  which  would  have  been  previously  pruned  by  another  goal  in  the  sequential  execution.  The 
general  problem  of  finding  a  rule  to  avoid  the  exploration  of  such  branches  is  directly  related  to  the  concept 
of independence and has been previously addressed in Section 2. In order to avoid such efficiency problems
we  propose  to  apply  those  independence  rules,  but  at  the  finest  possible  level  of  granularity  (as  proposed 
in  [BGH93]).  This  is  now  possible  because  we  have  a  structure  in  which  all  intermediate  atomic  steps  in 
the  execution  of  a  goal  and  their  dependencies  are  clearly  identifiable. 

Capturing  independence  is  achieved  by  identifying  dependencies  which  occur  due  to  subcomputations 
which affect each other, in the sense of the constraint independence notions above. In our nets, these
notions  are  applied  not  only  at  the  level  of  whole  computations  of  different  goals,  but  also  at  the  finer  level 
of  subcomputations  of  those  goals,  i.e.,  the  actual  subcomputations  which  can  affect  each  other.  This  new 
notion  of  independence  (local  independence)  is,  to  our  knowledge,  the  most  general  proposed  so  far  (in  the 
sense  that  it  allows  the  greatest  amount  of  parallelism)  which,  at  the  same  time,  preserves  the  efficiency 
of  the  sequential  execution. 

A  drawback  of  local  independence  is  that  it  requires  an  oracle,  since  mutual  inconsistency  of  branches  is 
not  known  a  priori,  and  thus  suitable  scheduling  strategies  for  AND-OR  parallelism  must  be  devised  which 
make  sure  that  the  added  dependency  links  are  respected  (i.e.  the  strategy  is  consistent),  while  still  taking 
advantage  of  the  remaining  parallelism  (i.e.  the  strategy  is,  more  or  less,  efficient).  Such  an  oracle  can  be 
devised  at  compile-time  by  means  of  abstract  interpretation  based  analysis,  and  a  scheduling  strategy  can 
be  obtained  for  instance  by  a  suitable  program  transformation  (as  that  presented  in  Section  6). 

5  A  Meta-interpreter  of  the  Concrete  Semantics 

A meta-interpreter has been implemented which takes as input a CC program and a concrete query, and
builds  up  the  associated  contextual  net  as  defined  by  the  true  concurrency  semantics  of  [MR91],  presented 
in  Section  3.  The  computation  of  the  concrete  model  is  performed  in  several  steps: 

1.  A  program  is  read  in  and  transformed  into  a  suitable  set  of  context-dependent  rules. 
2. Starting from the initial (concrete) agent - the query - rules are applied one at a time, until no rule
application  is  possible. 

3.  Relations  of  mutual  exclusion,  causal  dependency  and  concurrency  are  constructed  from  the  structure 
given  by  the  previous  step. 

4.  The  contextual  net  giving  the  program  semantics  can  be  visualized  in  a  windows  environment,  as 
well  as  the  resulting  relations. 

Although the construction of the net is completely deterministic, a fixpoint computation based on
memoization  is  performed  in  order  to  ensure  termination  (whenever  the  semantics  model  is  finite). 

Once  the  computation  is  finished,  the  structure  giving  the  model  of  the  program  resembles  an  event 
structure  [Rx3s93].  An  event  structure  is  a  set  of  events  (together  with  conflict  and  dependency  relations), 
where  each  of  them  represents  a  single  computation  step,  i.e.,  a  rule  application,  and  contains  all  the 
history  of  the  subcomputation  leading  to  the  particular  step  represented.  The  events  represent  either 
program  agents,  which  will  be  consumed  by  applying  the  program  rules,  or  constraint  tokens  which  will  be 
asked  for  in  such  rule  applications.  The  former  are  represented  by  usual  conditions  in  the  net,  the  latter 
by  context  conditions. 

For  simplicity,  the  current  implementation  only  implements  the  Herbrand  constraint  system,  leaving  to 
the  underlying  Prolog  machinery  much  of  the  entailment  relation. 


Figure  1:  Contextual  Net  of  the  append3/4  example. 

As an example, consider the following definition of append/3, which appends two lists into another one,
and  then  splits  it  into  another  two.  It  can  be  run  either  first  appending  and  then  splitting  or  “backwards” 
(first  splitting  and  then  appending). 

tell(Y = [3]), tell(Z = [4]), append3(X,Y,Z,W).

append3(A, B, D, E) :- app(A, B, C), app(C, D, E).

app(X, Y, Z) :- ask(X = []), tell(Y = Z).

app(X, Y, Z) :- ask(X = [A|B]), tell(Z = [A|D]), app(B, Y, D).

app(X, Y, Z) :- ask(Z = []), tell(X = []), tell(Y = Z).

app(X, Y, Z) :- ask(Z = [_|_]), tell(X = []), tell(Y = Z).

app(X, Y, Z) :- ask(Z = [A|D]), tell(X = [A|B]), app(B, Y, D).

A  query  has  been  included  which  performs  the  “forward”  computation,  where  the  second  app/3  goal  in 
the  body  of  the  append3/4  clause  has  to  wait  on  the  first  goal  to  proceed  at  each  step  while  the  resulting 
list  C  is  being  constructed  to  consume  it.  The  semantic  structure  resulting  for  the  computation  with  this 
query  can  be  seen  in  Figure  1. 

Circles  in  the  figure  correspond  to  agents  (either  program  agents  or  tokens)  and  squares  correspond 
to  steps.  Context  conditions  corresponding  to  the  constraint  tokens  told  to  the  store  in  the  computation 
can be seen, and the use of such contexts by subsequent transitions is denoted by links between the
corresponding tokens and transitions (Figure 1.a). The partial order subsumed in the net corresponds to
the causal dependency relation, plus additional dependencies due to the “use” of contexts, which appear
in Figure 1.b.

In  this  way,  the  causal  dependency  relation  captures  an  optimal  scheduling  of  processes  based  on 
producer/consumer relations on the tokens added to the store. This can be augmented with the local
independence  relation  (as  explained  in  Section  4)  to  capture  and-parallel  scheduling  based  on  mutually 
inconsistent  computations. 

6  Parallelization  of  CLP  via  Program  Transformation  to  CC 

One  possible  application  of  our  semantics  can  be  achieved  by  program  transformation  from  CLP  to  CC. 
The  purpose  of  the  transformation  will  be  to  allow  CLP  programs  to  run  under  CC  machinery  with  an 
optimal scheduling of processes which ensures no-slowdown and allows for maximal parallelism. In doing
this, the target language should allow for the features of CC, including synchronization and indeterminism
(although this latter is not needed for our purposes), and also for additional nondeterminism (in the sense
of backtracking - which is indeed needed to embed CLP). Examples of such languages are AKL^ and
concurrent  (constraint)  Prologs  (i.e.  Prologs  with  explicit  delay). 

The  transformation  will  proceed  as  follows.  First,  the  CLP  program  is  rewritten  into  a  CC  program. 
This  first  step  will  embed  a  CLP  program  into  CC  syntax,  by  (possibly)  normalizing  goals  and  head 
unifications,  and  make  all  constraint  operations  explicit  as  tell  agents.  Second,  inconsistency  dependencies 
are  identified  within  the  (abstract)  semantics  via  program  analysis,  and  then  the  program  is  augmented  with 
sequentialization  arguments  where  required,  and  suitable  ask  and  tell  operations  for  this  are  incorporated 
to  the  program  clauses. 

Let t1 dep t2 denote an existing inconsistency dependency link between transitions t1 and t2. The
corresponding rules applied in those transitions are identified, and also the program declarations related to
such rules. Let these be P1 and P2, respectively, where As represent ask agents, At tell agents, and Ag other
agents. The transformation required for sequentialization maps these declarations into the corresponding
P1' and P2':

P1 ::= p1(X) :- As1, At1, Ag1      P1' ::= p1'(X,Y) :- As1, At1, tell(c(Y)), Ag1

P2 ::= p2(X) :- As2, At2, Ag2      P2' ::= p2'(X,Y) :- ask(c(Y)), As2, At2, Ag2

where Y is a completely new variable and c(Y) is some arbitrary constraint token over Y. Instances of
agents p1 and p2 are also mapped into the corresponding p1' and p2' by augmenting their number of
arguments accordingly and matching this additional argument to the same variable wherever both agents
appear together in the same declaration.

The  transformed  program  will  allow  for  or-parallelism  (which  is  captured  in  the  semantics  by  the  mutual 
exclusion relation) and locally independent and-parallelism (which is captured by means of relations derived
from  the  mutual  inconsistency  relation).  An  efficient  strategy  for  parallel  execution  is  thus  achieved. 
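
The sequentialization mapping of this section, as an added Python example (not code from the paper): it rewrites the declarations of p1 and p2 for one dependency link and threads one shared fresh variable through every declaration that calls both. The tuple encoding of declarations, the constructed sample program and the names `fresh_vars`, `sequentialize` and `show` are assumptions made for the illustration.

```python
from itertools import count

# Encoding assumed for this example: a declaration is (name, head_args, body);
# a body goal is (kind, functor, args) with kind in {"ask", "tell", "call"}.


def fresh_vars(program):
    """Yield variable names Y1, Y2, ... that occur nowhere in `program`."""
    used = {a for _, head, _ in program for a in head}
    used |= {a for _, _, body in program for _, _, args in body for a in args}
    for n in count(1):
        if f"Y{n}" not in used:
            yield f"Y{n}"


def sequentialize(program, p1, p2, token="c"):
    """Apply the mapping for one link t1 dep t2 whose rules stem from p1 and p2.

    p1(X) :- As1, At1, Ag1   becomes   p1'(X,Y) :- As1, At1, tell(c(Y)), Ag1
    p2(X) :- As2, At2, Ag2   becomes   p2'(X,Y) :- ask(c(Y)), As2, At2, Ag2
    Calls to p1/p2 gain one argument; where both are called in the same
    declaration, that argument is the same variable.
    """
    fresh = fresh_vars(program)
    result = []
    for name, head, body in program:
        called = {f for kind, f, _ in body if kind == "call"}
        shared = next(fresh) if {p1, p2} <= called else None
        new_body = []
        for kind, f, args in body:
            if kind == "call" and f in (p1, p2):
                new_body.append((kind, f + "'", args + [shared or next(fresh)]))
            else:
                new_body.append((kind, f, args))
        if name == p1:
            y = next(fresh)
            # tell(c(Y)) goes after the asks and tells, before the other agents.
            at = next((i for i, g in enumerate(new_body) if g[0] == "call"),
                      len(new_body))
            new_body.insert(at, ("tell", token, [y]))
            name, head = name + "'", head + [y]
        elif name == p2:
            y = next(fresh)
            # ask(c(Y)) guards the whole body, so p2' waits for p1'.
            new_body.insert(0, ("ask", token, [y]))
            name, head = name + "'", head + [y]
        result.append((name, head, new_body))
    return result


def show(decl):
    """Render a declaration in the notation used in the text."""
    name, head, body = decl
    goals = [f"{f}({', '.join(a)})" if k == "call" else f"{k}({f}({', '.join(a)}))"
             for k, f, a in body]
    return f"{name}({', '.join(head)}) :- {', '.join(goals)}"


# Constructed sample program: main calls p1 and p2 together, aux calls p1 alone.
PROGRAM = [
    ("main", ["X"], [("call", "p1", ["X"]), ("call", "p2", ["X"])]),
    ("p1", ["X"], [("ask", "a", ["X"]), ("tell", "b", ["X"]), ("call", "r", ["X"])]),
    ("p2", ["X"], [("ask", "d", ["X"]), ("tell", "e", ["X"]), ("call", "s", ["X"])]),
    ("aux", ["X"], [("call", "p1", ["X"])]),
]

if __name__ == "__main__":
    for decl in sequentialize(PROGRAM, "p1", "p2"):
        print(show(decl))
```

In `main` both calls receive the same variable, so the token told by p1' is exactly the one p2' asks for; in `aux` the extra argument is an unrelated fresh variable.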

^However, in AKL computations are encapsulated in the so called deep guards, an issue that our semantics does not
capture yet.
7  Static  Scheduling  in  CC  via  Program  Transformation  to  CLP

Another  complementary  application  of  the  independence  detection  based  on  our  semantics  is  schedule 
analysis.  We  propose  to  perform  the  linearization  associated  to  schedule  analysis  by  means  of  program 
transformation  from  CC  to  CLP,  achieving  in  addition  an  efficient  parallelization  of  concurrent  goals.  In 
order to do this the intended target language should allow “delay” features able to support concurrency.

The  basic  idea  is  related  to  the  approach  of  [BGH93]  and  QD-Janus  [Deb93].  However,  we  propose 
to  perform  a  more  “intelligent”  transformation  (see  also  [BGH93]),  which  is  based  on  the  results  of  the 
analysis  performed  over  the  CC  program. 

Let us illustrate our approach with the append3/4 example of Section 5. Assume the following query:
append3(X,Y,Z,W).


Figure  2:  Contextual  net  for  append3/4  running  backwards. 

The resulting contextual net given by our meta-interpreter is that of Figure 2, where the context
dependency links are shown, and the information corresponding to each rule application (t1, t2, ...) appears
explicitly at the top. From the net, it can be seen that only the “backwards” version of the predicate
app/3 is used; while the second app/3 goal in the body of the append3/4 clause (corresponding to agent
S4) can proceed without suspending, as no context other than the told constraints in the query is needed,
the first goal and the goals occurring in its subcomputation always suspend until the third argument
becomes instantiated. An identical behavior will occur in all queries in which the three first arguments of
append3/4 are free and the fourth is instantiated to a non-incomplete list. With this knowledge the following
transformed CLP program can be obtained:

append3(A, B, D, E) :-
    when(nonvar(C), app(A, B, C)),
    app(C, D, E).

app(X, Y, Z) :- X = [], Y = Z.

app(X, Y, Z) :- Z = [A|D], X = [A|B], app(B, Y, D).

Our aim is to develop an analysis able to infer such invariants based on the semantics. Such analyzer
will guarantee that the transformations applied to a CC program in the spirit above are correct.
CC Programs with both In- and Non-determinism:
A Concurrent Semantics

Ugo Montanari* Francesca Rossi* Vijay Saraswat^


Abstract 

We present a concurrent semantics for the concurrent constraint (cc) programming framework with
both (“committed choice”) indeterminism and (“backtracking”) nondeterminism. The semantics
extends the previous semantics for Indeterminate cc by (1) allowing each state to contain different
or-parallel components and (2) splitting the concurrency relation into two to distinguish between and-
and or-concurrency. Thereby, the construction produces a single representation (an and-or contextual
net) that captures the important relationships between events in program runs: concurrency, causal
dependency, indeterminism and nondeterminism.

We believe this is a first step towards the formal analysis of the concurrent semantics of practical
cc languages containing both in- and non-determinism, such as AKL [HJ90].

1  Introduction 

The paper proposes a simple concurrent semantics for concurrent constraint (cc) programs [Sar93] which
may contain both indeterminism (“don’t care” or “committed-choice” nondeterminism) and nondeterminism
(“don’t know” or “search” non-determinism). Prolog-style nondeterminism is obviously of considerable
value in allowing simple, perspicuous representations of search-spaces. Indeterminism arises naturally
in reactive distributed contexts, where the relative speeds of processors and relative communication delays
across the network are unpredictable. Thus, the combination of indeterminism and nondeterminism
we discuss in this paper arises naturally when one seeks to implement simple representations for search
problems that are to be solved in a distributed, reactive context. Moreover, it also appears whenever,
for any reason, one decides to make some of the choices backtrackable (that is, nondeterministic, or
collective), and others committed (that is, indeterministic). Examples of cc programs containing both
indeterminism and nondeterminism can be found in [Sar93].

To define the operational behaviour of cc programs, we represent each computation state as a collection
of sets of agent and constraint occurrences, where different sets in a collection represent situations which
are  achieved  by  making  different  nondeterministic  choices.  Then,  each  state  is  rewritten  via  rewriting 
rules,  which  specify  (1)  conditions  under  which  they  can  be  executed,  and  (2)  the  new  configuration 
(collection  of  sets)  that  results  on  execution  of  the  rule.  The  operational  semantics  then  associates  with 
each  agent  the  sequence  of  configurations  that  arise  as  a  result  of  the  applications  of  the  rewrite  rules 
generated  from  the  program  and  the  underlying  constraint  system. 

The concurrent semantics we develop is derived from the operational semantics by internalizing the
history of the computation in the states. The resulting objects in the semantic domain (called contextual
nets [MR93a]) contain information about concurrency, causal dependency and mutual exclusion. Contextual
nets generalise Petri nets [Rei85] by allowing each event to have context conditions, in addition to
the usual pre- and post-conditions; for the event to occur the context conditions must be present. Causal
dependency describes the necessary sequentialization in the program (as introduced by ask conditions).
The concurrency relation describes possible parallelism between events. The mutual exclusion relation
describes conflict, that is, the impossibility of the related events being in the same computation [MR93b].

To model nondeterminism, we split the concurrency relation into two: and-concurrency and
or-concurrency, obtaining a new kind of net that we call an and-or contextual net. Such a refinement of the
model is unavoidable if one wants to distinguish between in-determinism, non-determinism, concurrency
and dependency.

The  and-or  contextual  net  is  derived  from  a  cc  program  by  using  just  one  inference  rule,  which  states 
that  whenever  the  left  hand  side  and  the  context  of  the  rule  are  already  represented  in  the  net,  then  we 
can  add  new  items  to  represent  its  application  and  its  right  hand  side,  and  link  them  suitably  to  the  other 
elements of the net via the four relations. The applications of such inference rule are Church-Rosser, in
the sense that the resulting net does not depend on the order in which they occur. Moreover, it is easy
to see that such application is very similar to that of the rules in the operational semantics. In fact, as
noted above, the only real difference between the operational and the concurrent semantics (that is, the
contextual net) is that the latter generates an object which contains both the final state and the history
of the computation, with the appropriate dependencies among the computation steps. This allows to
reason more profoundly about several properties of cc programs.

From the obtained net, it is possible to recover all and only the computations as defined by the
operational semantics. Moreover, much more information, about concurrency of the steps involved in
each computation, is contained in the net. In fact, both causal and functional dependencies between the
items involved in a computation are explicitly expressed in the net.

The  net  representing  the  concurrent  semantics  of  a  given  cc  program  contains  many  events  and 
conditions which are uninteresting, like those related to the expansion of a declaration. Therefore an
abstraction  phase,  which  removes  all  such  items,  is  needed  if  one  wants  to  use  in  practice  such  nets  to 
analyse  cc  programs. 

2  Syntax 

In the cc paradigm, we consider the usual description of the chosen constraint system as a system of partial
information [SRP91] $\langle D, \vdash \rangle$ where $D$ is a set of tokens (or primitive constraints) and $\vdash \subseteq \wp(D) \times D$ is the
entailment relation which states which tokens are entailed by which sets of other tokens. The language (we
consider a propositional language just for simplicity of the technical developments) is concretely described
by the following grammar, where P ranges over programs, F over sequences of procedure declarations,
A over agents, and c over constraints:


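$$
\begin{array}{llcll}
\text{(Programs)} & P & ::= & F.A & \\
\text{(Declarations)} & F & ::= & p :: A \mid F.F & \\
\text{(Agents)} & A & ::= & \text{success} & \\
 & & \mid & \text{failure} & \\
 & & \mid & c & \text{(Tell)} \\
 & & \mid & c \to A & \text{(Ask)} \\
 & & \mid & A + A & \text{(Indeterminism)} \\
 & & \mid & A \parallel A & \text{(Parallel composition)} \\
 & & \mid & A \vee A & \text{(Non-determinism)} \\
 & & \mid & p & \text{(Procedure Call)}
\end{array}
$$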

3  Operational  Semantics 

Each state of a computation consists of a collection of sets $\langle M_1, \ldots, M_n \rangle$, where each set $M_i$ is called
an or-state and contains occurrences of agents and constraints. Intuitively, each set $M_i$ represents the
(intermediate) result of one nondeterministic branch of a computation. Therefore a state represents the
(intermediate) result of all nondeterministic branches occurring in a computation.

Then,  each  computation  step  models  either  the  evolution  of  a  single  agent,  or  the  entailment  of  a  new 
token through the $\vdash$ relation. Such a change in the state of the computation will be performed via the
application of a rewrite rule

$$r : L(r) \stackrel{c(r)}{\longrightarrow} R_1(r); \ldots; R_k(r)$$

where $L(r)$ is an agent, $c(r)$ is a constraint, and each $R_i(r)$ is a set of agent and constraint occurrences.
The intuitive meaning of a rule is that $L(r)$, called the left hand side of the rule, is deleted from one of
the or-states of the current state, say $M_j$, and $k$ copies of the so obtained or-state are produced. Then,
in each of such copies, say copy $i$, $R_i(r)$ (called a right hand side of the rule) is added. All this is done
only if $c(r)$ is present in $M_j$.

We  have  as  many  rewrite  rules  as  the  number  of  agents  and  declarations  in  a  program  (which  is  finite), 
plus  the  number  of  pairs  of  the  entailment  relation  (which  can  be  infinite): 


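$$
\begin{array}{rcl}
(c \to A) & \stackrel{c}{\longrightarrow} & A \\
A_1 \parallel A_2 & \longrightarrow & A_1, A_2 \\
A_1 + A_2 & \longrightarrow & A_1 \\
A_1 + A_2 & \longrightarrow & A_2 \\
A_1 \vee A_2 & \longrightarrow & A_1; A_2
\end{array}
$$

In addition, there is a rule

$$p \longrightarrow A$$

for every program clause $p :: A$ and a rule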


for  every  entailment  pair  5 1-  f  in  the  underlying  constraint  system. 

Formally, rule application works as follows. A rule $r : L(r) \stackrel{c(r)}{\leadsto} R_1(r); \ldots; R_k(r)$ is said to be applicable
in a state $S_1 = (M_1, \ldots, M_n)$ if there exists $M_i$ such that $(L(r) \cup c(r)) \subseteq M_i$. In such a case, applying $r$
to $S_1$ yields the state $S_2 = (M_1, \ldots, M_{i-1}, (M_i \setminus L(r)) \cup R_1(r), \ldots, (M_i \setminus L(r)) \cup R_k(r), M_{i+1}, \ldots, M_n)$.

The operational semantics of a given cc program P consists of all the computations for P, i.e., the
sequences of computation steps which apply rules representing agents and constraints of P. We will also
need the concept of non-redundant computations, which are those computations where no entailment rule
is ever applied more than once on the same constraint occurrence.

Note  that  this  mechanism  of  making  copies  of  the  current  world  whenever  a  nondeterministic  choice 
is  accomplished  is  the  usual  way  to  give  an  operational  semantics  to  languages  with  nondeterminism.  In 
this  way,  a  computation  may  contain  nondeterminism,  and  different  computations  are  instead  originated 
by  different  indeterministic  choices. 

Let us now consider an example of a simple cc program with both nondeterminism and indeterminism
in order to see how these two choice mechanisms interact. Suppose we have the parallel composition

$$(c_1 + c_2) \parallel (c_3 \vee c_4).$$

Although it could seem at first sight that the two choices are independent, and that $c_1$ and $c_2$ cannot
appear in the same computation, in reality they can, and this depends on the order in which the two
choices are made. In fact, if the indeterministic choice is made first, then we have two computations, one
with final state $(\{c_1, c_3\}, \{c_1, c_4\})$ and one with final state $(\{c_2, c_3\}, \{c_2, c_4\})$. If instead the nondeterministic
choice is made first, then we have four other computations: two of them produce the results written
above, and the other two have final state $(\{c_1, c_3\}, \{c_2, c_4\})$ and $(\{c_2, c_3\}, \{c_1, c_4\})$ respectively. Thus in
this second case $c_1$ and $c_2$ belong to the same computation. In fact, once the state has been divided into
two or-states, the computation may proceed in different ways in the two or-states and thus in particular
it may choose to evolve to $c_1$ in one or-state and to $c_2$ in the other or-state.
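
The interaction described above can be checked mechanically. The following Python code is an added example, not code from the paper: it applies the rewrite rules of this section to the parallel composition of an indeterministic and a nondeterministic choice and collects the final states, optionally restricted to computations whose first choice is `+` or `or`. The tuple encoding of agents, the function names, the use of sets for or-states, and the treatment of a tell agent `c` as an already-present token are assumptions.

```python
"""Added example: the rewrite rules of Section 3 run on (c1 + c2) || (c3 v c4)."""

# Assumed encoding (not from the paper): a constraint token is a string; compound
# agents are tuples ("par", A1, A2), ("+", A1, A2), ("or", A1, A2), ("ask", c, A).
PROGRAM = ("par", ("+", "c1", "c2"), ("or", "c3", "c4"))


def rules_for(agent, or_state):
    """Rules whose left hand side is `agent`, as (label, [R_1, ..., R_k]) pairs."""
    kind = agent[0]
    if kind == "par":                       # A1 || A2 ~> A1, A2
        return [("par", [{agent[1], agent[2]}])]
    if kind == "+":                         # two rules: ~> A1 and ~> A2
        return [("+", [{agent[1]}]), ("+", [{agent[2]}])]
    if kind == "or":                        # one rule, two right hand sides
        return [("or", [{agent[1]}, {agent[2]}])]
    if kind == "ask" and agent[1] in or_state:   # context c must be present
        return [("ask", [{agent[2]}])]
    return []


def steps(state):
    """Yield (label, next_state) for every rule application possible in `state`."""
    for i, or_state in enumerate(state):
        for agent in or_state:
            if isinstance(agent, str):
                continue                    # tokens are never rewritten
            rest = or_state - {agent}       # L(r) is deleted from M_i ...
            for label, rhs in rules_for(agent, or_state):
                # ... and the k copies of the or-state receive R_1(r), ..., R_k(r)
                copies = tuple(rest | r for r in rhs)
                yield label, state[:i] + copies + state[i + 1:]


def computations(state, trace=()):
    """Enumerate all maximal computations as (sequence of rule labels, final state)."""
    successors = list(steps(state))
    if not successors:
        yield trace, state
    for label, nxt in successors:
        yield from computations(nxt, trace + (label,))


def final_states(agent, first_choice=None):
    """Final states of all computations; optionally only those whose first
    choice step is `first_choice` ("+" for indeterminism, "or" for nondeterminism)."""
    finals = set()
    for trace, final in computations((frozenset([agent]),)):
        choices = [label for label in trace if label in ("+", "or")]
        if first_choice is None or choices[:1] == [first_choice]:
            finals.add(final)
    return finals


if __name__ == "__main__":
    for order in ("+", "or"):
        print("first choice:", order)
        for final in sorted(final_states(PROGRAM, order), key=repr):
            print("   ", tuple(sorted(m) for m in final))
```

Resolving `+` first yields only the two states in which both or-states agree on the indeterministic branch; resolving `or` first yields all four.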

We  will  consider  this  example  again  later  on  in  the  paper.  In  fact,  although  being  very  simple,  it  is 
enough  to  understand  the  relationship  between  nondeterminism  and  indeterminism  from  the  concurrency 
point  of  view  and  to  check  whether  usual  partial  order  structures  may  be  enough  to  represent  concurrency 
in  cc  programs  with  both  kinds  of  choices. 

4  And-Or  Contextual  Nets 

Contextual  nets  [MR93a]  extend  standard  Petri  nets  (actually,  C/E  systems)  with  the  possibility,  for 
each  event,  of  having  context-conditions  besides  pre-  and  post-conditions.  While  pre-conditions  are 
deleted  by  the  event  occurrence,  and  post-conditions  are  created,  context  conditions  are  needed  for  such 
an occurrence but are left unchanged. Contextual nets are able to specify three relations among their
elements:  causal  dependency,  concurrency,  and  mutual  exclusion,  which  in  terms  of  cc  programming  can 
be  interpreted  as  necessary  sequentialization,  possible  concurrency,  and  indeterminism,  respectively. 

In order to be able to model cc programs with nondeterminism as well, we have to extend the semantic
structure so that it can express also nondeterminism. To this end we introduce the notion of and-or
contextual nets, which add to contextual nets the possibility of stating when some items of the net are
"or-concurrent", that is, they belong to different nondeterministic branches.

We will write such nets as $(B, E; F_1, F_2, F_3)$, where $B$ is the set of conditions, $E$ the set of events,
$F_1$ gives the direct causal dependencies, $F_2$ states the context conditions for each event, and $F_3$ contains
pairs of postconditions of the same event (which have to be considered as or-concurrent). In terms of cc
programming, conditions are agents and/or tokens, while events are computation steps.

Each and-or contextual net induces four relations on its elements: causal dependency, mutual exclusion,
or-concurrency, and and-concurrency. Causal dependency ($<$) is derived from $F_1$ and $F_2$, mutual
exclusion ($\#$) originates from events sharing a precondition and it is propagated via the $<$ relation,
or-concurrency (or-co) originates from the $F_3$ relation and it is propagated via $<$, and and-concurrency
(and-co) is what is left from the other relations: two items are and-concurrent if they are not in any
of the other relations. Two elements which are not concurrent may be in more than one of the other
relations. For our semantics we will consider only occurrence nets, i.e., nets where the $<$ relation does
not have cycles.

And-or context-dependent nets will be graphically represented in the same way as classical and contextual
nets. Thus, conditions are circles, events are boxes, and the flow relation $F_1$ is represented by
directed arcs from circles to boxes or vice versa. We choose to represent the context relation $F_2$ by undirected
arcs (since the direction of such relation is unambiguous, i.e. from elements of $B$ to elements of $E$)
and the or-concurrency relation $F_3$ by undirected labelled arcs (whose label is or). An and-or contextual
net can be seen in Figure 1. In this net, for example, events $e_1$ and $e_3$ are mutually exclusive, while $e_3$
and $e_4$ are and-concurrent. Also, $a$ and $b$ are or-concurrent, and $c$ is a context for both $e_3$ and $e_4$.

5  Concurrent  Semantics 

In  order  to  give  a  concurrent  semantics  to  cc  programs  with  both  in-  and  non-determinism,  we  follow  the 
same  idea  used  for  indeterministic  cc  programs,  that  is,  to  associate  a  net  to  each  program.  However,  while 
the  nets  used  for  indeterministic  cc  programs  are  contextual  nets,  here  we  need  and-or  nets.  Nevertheless, 
the  generating  mechanism  is  very  similar:  we  take  the  rewrite  rules  associated  to  a  given  cc  program 
and  by  using  them  we  incrementally  construct  an  and-or  contextual  net  plus  a  mapping  which  relates 
the  items  of  the  net  to  the  agents,  constraints,  and  rules  of  the  program.  Such  incremental  construction 
is  achieved  via  the  use  of  one  inference  rule  (plus  another  one  to  start).  Each  time  the  inference  rule 
is applied, a rewrite rule is chosen whose left hand side and context are already present in the partially
built  net.  Such  elements  have  to  be  and-concurrent  (which  means  that  they  can  appear  together  in  the 
same  or-state).  Then,  a  new  element  representing  the  rule  application  is  added  (as  an  event),  as  well  as 
new  elements  representing  the  right  hand  sides  of  the  rule  (as  conditions). 

The  elements  of  the  net  are  structured  in  such  a  way  that  elements  generated  by  using  different 
sequences  of  rules  are  indeed  different.  That  is,  each  element  contains  its  “history”.  The  way  this  is 
achieved  consists  in  defining  an  element  as  a  pair,  of  which  the  first  element  is  the  type  of  the  term,  and 
represents  the  rule  or  agent  or  constraint  that  the  term  corresponds  to,  and  the  second  element  is  its 
history. 

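More precisely, assuming the net to be obtained is $(B, E, F_1, F_2, F_3)$, the starting inference rule is:

$$\frac{P ::= F.A}{(A, \emptyset) \in B}$$

which means that we start with one element, which is a condition corresponding to agent A and with
empty history. Instead, the main inference rule is:

$$
\frac{
\begin{array}{c}
\{s_0, \ldots, s_{n-1}\} \subseteq B \\
s_i \ \text{and-co} \ s_j \quad (i, j < n) \\
s_i = (a_i, e_i) \quad (i < n) \\
a_i \neq a_j \quad (i \neq j < n) \\
\exists r \in RR(P) \ \text{such that} \ L(r) = \{a_0, \ldots, a_{m-1}\} \ \text{and} \ c(r) = \{a_m, \ldots, a_{n-1}\}
\end{array}
}{
\begin{array}{c}
e = \langle r, \{s_0, \ldots, s_{n-1}\} \rangle \in E \\
s_i F_1 e \quad (i < m) \\
s_i F_2 e \quad (m \le i < n) \\
\forall i = 1, \ldots, k, \ \text{if} \ a \in R_i(r) \ \text{then} \ (a, e) \in B \ \text{and} \ e F_1 (a, e) \\
a \in R_i(r) \ \text{and} \ b \in R_j(r) \ \text{and} \ i \neq j \ \text{implies} \ (a, b) \in F_3
\end{array}
}
$$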

That  is,  if  we  find  items  of  the  net  which  correspond  to  the  left  hand  side  and  the  context  of  a  rule 
and  which  are  and-concurrent,  then  we  add  a  new  event  corresponding  to  the  rule  application,  and  new 
conditions  corresponding  to  the  elements  of  all  right  hand  sides  of  the  rule.  Then  we  also  suitably  link 
such new objects among them via the $F_1$ (dependency), $F_2$ (context), and $F_3$ (or-concurrency) relations.
In  particular,  the  F3  relation  is  set  to  hold  among  any  pair  of  items  representing  elements  belonging  to 
different  right  hand  sides  of  the  rule.  For  example,  the  concurrent  semantics  of  the  program  described  at 
the  end  of  Section  3  is  the  and-or  contextual  net  in  Figure  2. 

Note  that  the  above  inference  rule  is  a  simplified  version  of  what  is  actually  needed  to  correctly 
generate  the  and-or  net  corresponding  to  a  given  cc  program.  In  fact,  we  assume  here  that  no  rule  has 
the same agent more than once in its right hand sides. However, if this should happen, a straightforward
extension of the term coding, written as triples instead of pairs (where the added element is a natural
number used to distinguish the different occurrences of an agent) would be enough (see [MR93b]).

Figure 2: The and-or contextual net giving the concurrent semantics of a cc program. [Diagram label: $(c_1 + c_2) \parallel (c_3 \vee c_4)$]


6  Concurrent  vs.  Operational  Semantics 

It  is  important  now  to  understand  the  relationship  between  the  operational  semantics  defined  in  Section 
3 and the concurrent semantics defined in Section 5. In particular, it is important to be able to show that
from  the  concurrent  semantics  it  is  possible  to  recover  all  and  only  the  computations  of  the  operational 
semantics. 

In previous studies concerning the concurrent semantics of indeterministic cc programs via contextual
nets [MR93b] this relationship is very simple: any linearization (that is, a total order of the events
which is compatible with the partial order) of each (maximal and left-closed) subnet of the semantics
structure which does not contain any pair of mutually exclusive elements represents one (non-redundant)
computation; and vice versa, each (non-redundant) computation is represented by one linearization of one
of such subnets.

When however nondeterminism and indeterminism coexist, the representation of computations via
subnets is not possible any more. Consider again the simple cc program whose computations are described
at the end of Section 3 and whose semantics structure is depicted in Figure 2. Then, it is easy to see
that there is no collection of subnets which may represent all its computations. In fact, if we consider all
its subnets which do not contain any pair of mutually exclusive elements (which can be seen in Figure
3), then we are able to represent only those computations where the same branch of the indeterministic
choice has been taken in both or-branches (either because the indeterministic choice was done before the
or-choice, or because the choices in the two or-branches coincide). But we are not able to represent those
computations where the or-choice has been made first, and where each or-branch evolved via a different
indeterministic branch (one chose $c_1$ and the other one $c_2$).

A possible solution would be to consider subnets that do not contain pairs of mutually exclusive
elements. However, to allow two in-branches to appear in the same computation, we would have to specify
that or-choices must occur before in-choices. Unfortunately, recent approaches to the semantics of some
extensions of Petri nets have shown that in presence of some specific features it is not possible to represent
concurrency via partial orders; instead, pairs of partial orders are required. In the present case, the first
partial order would give a subnet, and the second would specify the order of choices. However, this would
still not distinguish between a computation in which the first in-choice ($c_1$) is taken in the first or-state
($c_3$), and the second ($c_2$) with the second or-state ($c_4$) and one in which $c_1$ is taken with $c_4$ and $c_2$ with
$c_3$.

Therefore the usual method of relating semantic nets to programs (using subnet selection) does not
seem applicable in the current setting. So we look for alternative ways in which the semantic structure
may still represent all and only the computations of the operational semantics of cc programs. To this
end we introduce the concept of net execution.

Figure 3: The non-mutually-exclusive subnets of the and-or contextual net in Figure 2.

Informally, a net execution is a sequence of steps which starts with the entire net and at each intermediate
stage reaches a collection of subnets of the original net. Each step executes one of the events
of the net, among those whose pre- and context-conditions are in the current collection of nets (and are
minimal), and the result is that the event and its preconditions are cancelled, together with every item
which is mutually exclusive with that event. Moreover, if the event is an or-choice, a replication of the
net containing the executed event is made, in the same manner as for the operational semantics.

More precisely, consider an and-or contextual net $N$. Then let us call $min(N)$ the set of all items of
$N$ which are minimal w.r.t. the causal dependency relation. Also, for any event $e$ in $N$, let us call $pre(e)$
(resp., $con(e)$, $post(e)$) the set of preconditions (resp., context conditions, postconditions) of $e$. Moreover,
given any condition $s$ in a net, let us call or-rest($s$) the set $S$ of all conditions which are siblings of $s$
and or-concurrent with it, plus the set $S'$ which contains all elements (conditions and/or events) which
depend on some element of $S$ as well as all events which have some element of $S$ as a context. Finally,
given a net $N$ and a set of items $S$ in $N$, let us call $ex(N, S)$ the net which is obtained from $N$ by deleting
all the items which are mutually exclusive with any element in $S$.

Consider now a cc program $P$ and the corresponding concurrent semantics $N$, and assume we have
a collection of subnets of $N$, say $(N_1, \ldots, N_n)$ (at the beginning we just have $(N)$). Then an execution
step is accomplished by choosing an event $e \in N_i$ such that $pre(e) \cup con(e) \in min(N_i)$. There are now
two cases that can occur:

• there are no $s_1, s_2 \in post(e)$ such that $s_1$ and $s_2$ are or-concurrent; then the new collection of nets
is

$$(N_1, \ldots, N_{i-1}, ex(N_i - (pre(e) \cup e), e), N_{i+1}, \ldots, N_n)$$

• the other case, where there are instead pairs of or-concurrent postconditions of $e$, is simplified by the
fact that this can arise only from the application of the nondeterminism rule, which only generates
two postconditions; in this case, assuming $post(e) = \{s_1, s_2\}$, the new collection of nets is

$$(N_1, \ldots, N_{i-1}, ex(N_i - (pre(e) \cup e), e) - \text{or-rest}(s_1), ex(N_i - (pre(e) \cup e), e) - \text{or-rest}(s_2), N_{i+1}, \ldots, N_n)$$

Consider now the set OS of all the (non-redundant) computations of a cc program P and the set CS of
all the executions of the corresponding and-or contextual net N. Then there is a bijection between OS
and CS.
This means that it is possible to recover all computations from the and-or net representing the concurrent
semantics of P. Thus the concurrent semantics does not lose any information w.r.t. the operational
semantics. Indeed, it adds much information, since the possible concurrency of execution steps, as
well as the causal and the functional dependencies, are explicitly represented.

7  Abstraction 

The  contextual  net  corresponding  to  a  given  cc  program  can  be  used  to  analyse  cc  programs  in  terms  of 
concurrency,  agent’s  dependency,  choice  points,  parallelism  level,  and  many  others.  However,  the  net  as 
defined  in  the  previous  section  has  many  events  and  conditions  which  are  uninteresting  for  any  reasonable 
analysis. Therefore one could think of abstracting from the information given by such items, and obtain
a  net,  or  a  similar  structure,  where  only  the  relevant  information  is  contained. 

A  choice  that  has  been  adopted  also  in  many  operational  semantic  approaches  for  cc  programs  is  to 
say  that  only  ask  and  tell  agents  are  important.  Therefore,  in  our  terms,  it  would  mean  that  we  only 
want to keep those events which represent the evolution of ask agents or tell agents.

To do that, consider an and-or net $(B, E, F_1, F_2, F_3)$, plus the mapping to the cc program rules, and
the corresponding relations $<$, $\#$, or-co, and and-co. Now, consider the set of events $E' \subseteq E$ such that
$E' = \{e \in E \mid e = \langle e_1, e_2 \rangle,\ e_1 \text{ is an ask or a tell rule}\}$. Then the structure $(E', <|_{E'}, \text{or-co}|_{E'})$ relates the
interesting events via the same relations as above, but projected over $E'$. This structure is obviously not
an  and-or  contextual  net,  because  it  does  not  contain  any  conditions.  However,  it  is  nevertheless  able  to 
provide  causality,  indeterminism,  and-concurrency,  and  or-concurrency  information  among  the  selected 
events. 

Note  also  that  the  abstract  structure  so  obtained  is  able  to  represent  the  computations  and  the 
dependencies  present  in  many  programs,  possibly  very  different  among  them.  Therefore  reasoning  on 
the  net  instead  of  on  the  program  allows  one  to  focus  on  the  crucial  issues  regarding  causality  and 
functionality,  and  to  be  independent  of  the  particular  recursive  set  of  agent  definitions  which  have  been 
chosen  to  represent  such  causality  information. 
1 Introduction

An important feature of modern database management systems is the automatic checking of integrity
constraints. An integrity constraint is a predicate or query such that if the predicate holds
on a state of the data, or equivalently if the query produces an empty answer, then the database is
considered valid. When an integrity constraint is violated, i.e., when the predicate does not hold or
the query produces a non-empty answer, then the update creating the undesirable database state
must be rejected or some other compensating action must be taken.

We are interested in efficient methods for checking integrity constraints (hereafter called constraints)
as a database is updated. Here, general efficiency is measured both in the amount of data
that needs to be accessed in order to check a constraint, and in whether the check can be performed
by submitting a query to the database system (rather than running an algorithm directly on the
data). In terms of complexity, we are not interested in methods that are exponential in the size of
the data or in the number of constraints, but we are willing to accept methods that are exponential
in the size of the constraints themselves since, in databases, constraints tend to be short.

Suppose  that  we  have  a  constraint  C,  and  a  database  update  occurs.  We  need  to  ensure  that 
C  still  holds  after  the  update.  Assume  that  we  have  available  at  least  the  update  itself  and  the 
definition  of  C.  In  addition  to  this  information,  there  are  three  levels  in  the  amount  of  data  we  might 
use  to  check  the  constraint:  none,  some,  or  all.  Using  none  of  the  data  corresponds  to  the  query 
independent  of  update  problem,  which  has  been  studied  in  its  generality  in  [BT88,  Elk90,  LS93] 
and with respect to constraints by us in [GSUW94]. Using all of the data amounts to efficient
evaluation  of  predicates  or  queries  over  the  database  [BC79,  GMS93,  HD92,  Nic82,  QW91,  U092]. 
We  study  the  case  where  some  of  the  data  is  used  to  check  the  constraint.  This  scenario  arises 
whenever  certain  data  involved  in  the  constraint  is  very  expensive  or  impossible  to  access,  such  as 
in  distributed  database  systems  or  collaborative  design  [TH93,  GT93].  Hereafter  we  refer  to  the 
portion  of  the  data  used  to  check  a  constraint  as  accessible  data,  and  we  refer  to  the  portion  of  the 
data  involved  in  a  constraint  but  not  used  to  check  the  constraint  as  inaccessible  data. 

*Research sponsored by NSF grants IRI-91-16646 and IRI-92-23405, by ARO grant DAAL03-91-G-0177, by
ARPA contract F33615-93-1-1339, and by a grant of Mitsubishi Electric Corp.
Note that, unless all of the relevant data is accessible, our constraint checking methods will be
conservative. That is, by looking at only some of the data, we may be able to determine that the
constraint still holds, or we may determine that it is necessary to look at all of the data to check the
constraint. A check is correct if, whenever it determines that a constraint still holds, then indeed
the constraint holds. We also want our checks to be complete, but completeness is with respect to
the accessible data. A check is complete in this sense if, whenever we determine that a constraint
may not hold, there is some configuration of the inaccessible data for which the constraint indeed
does not hold.

In the remainder of this short paper we outline the languages we have been considering for
database constraints and we solidify the notion of using some of the data to check a constraint. We
then give several examples that illustrate when and how our constraint checking methods apply.
(Due to space limitations, complete technical results are not included.) The examples serve to
bring out a number of problems we have not yet solved, which are enumerated at the end of the
paper.

2  Problem  Definition 

We consider relational databases where relations are modeled as predicates and queries are expressed
as logical rules that derive a result predicate, as in, e.g., Datalog [Ull88]. Examples are given below.
A constraint is expressed as a query whose result is a special 0-ary predicate that we call panic.
If the query produces $\emptyset$ on a given database D, then the constraint holds for D. If the query
produces panic then the constraint is violated. The difficulty of checking constraints depends
on the language that we use to express constraint queries. Examples of interesting languages for
expressing constraint queries are:

1.  Conjunctive  queries  [CM77]. 

2.  Nonrecursive  Datalog,  or  unions  of  conjunctive  queries  [SY80]. 

3.  Conjunctive  queries  with  arithmetic  comparisons  [Klu88]. 

4. Datalog with negation [Ull88].

5. Recursive Datalog, possibly with arithmetic comparisons and/or negation and/or arithmetic
operators [Ull88].

For some combinations of a language above and an amount of information used (none, some, or
all), the constraint checking problem can be reduced to other problems that have been studied in
the literature; see [GSUW94] for a discussion. For instance, conjunctive query containment results
can be used to check constraints when only updates and constraint definitions are used [LS93].

In  this  paper  we  focus  our  discussion  on  constraints  expressed  as  conjunctive  queries  with 
arithmetic  comparisons,  we  suppose  the  only  accessible  relation  is  the  updated  relation,  and  we 
consider  updates  that  are  insertions  of  a  single  tuple.  The  general  form  of  a  conjunctive  query 
constraint  is: 

panic :- l & r1 & ... & rn & c1 & ... & ck.

Here, $l$ is the predicate for which the corresponding relation $L$ is accessible, the relation $R_i$ for each
of the $r_i$'s is inaccessible, and each $c_i$ is an arithmetic comparison involving one of $<$, $\le$, $>$, $\ge$, $=$.¹

use  of  L  and  R  refers  to  the  fact  that,  in  distributed  databases,  the  “Local”  data  is  accessible  and  the 
“Remote”  data  is  inaccessible. 
Let tuple t be inserted into relation L and assume constraint C holds before the insertion. We
want to use L, C, and t to infer that C is not violated after the insertion. We derive a condition
that relation L needs to satisfy in order for t not to violate C. We refer to this condition as the test
condition. If the test condition is satisfiable, then relations $R_1, \ldots, R_n$ do not need to be accessed.
The test condition is obtained by reducing the problem outlined above to the problem of checking
if a conjunctive query is contained in a union of conjunctive queries; details are in [GSUW94].

3  Examples 

EXAMPLE 1. Consider an employee-department relational database with two relations:

emp(E, D, S)    % employee number E in department D has salary S

dept(D, MS)     % some manager in department D has salary MS

Let the constraint assert that every employee earns less than every manager in the same department.
This constraint is expressed as a conjunctive query C such that if C produces panic then the
constraint is violated:

C:  panic :- emp(E, D, S) & dept(D, MS) & S > MS.

Let relation EMP for predicate emp be accessible and relation DEPT be inaccessible. Suppose tuple
emp(e, d1, 50) is inserted into relation EMP. Constraint C will be violated if department d1 has a
manager whose salary is < 50. However, suppose department d1 already has an employee whose
salary is 100. Since constraint C is not violated before the insertion, we can infer that no manager
in d1 earns as little as 100, and therefore emp(e, d1, 50) does not violate constraint C.

The above inference procedure can be formalized by specifying a test condition on the relation
EMP and the inserted tuple, such that if EMP satisfies the test condition, then the inserted tuple does
not violate the constraint. For constraint C, the test condition is the following Datalog query that
derives insertion_ok if and only if the inserted tuple does not violate C, independent of the value
of relation DEPT.

insertion_ok :- inserted(E, D, S) & emp(X, D, Y) & Y > S.

Relation INSERTED contains only the inserted tuple and EMP does not contain the inserted tuple.
This test is complete with respect to the accessible data, as defined in Section 1. □

Note, the test condition in Example 1 is a single Datalog rule and was derived without considering
the actual value of the inserted tuple. We now give two examples that illustrate the complexity
that simple arithmetic comparison operators $<$, $>$, $\le$, $\ge$ introduce. Example 2 shows that the complete
test could be a recursive Datalog program. The constraint in Example 3 also has a complete
test in the form of a recursive Datalog program, but illustrates the computational complexity of
evaluating the test.

EXAMPLE 2. We shall refer to this example as forbidden intervals.

C:  panic :- l(X, Y) & r(Z) & X < Z < Y.

Each  pair  in  the  accessible  relation  L  can  be  thought  of  as  the  ends  of  an  interval  that  no  Z  in  the 
inaccessible  relation  R  may  occupy. 

Suppose relation L has the tuples (3,6) and (5,10). The tuples of relation R that violate the
constraint given tuple l(3,6) lie in the interval [3,6] and similarly, the tuples of relation R that
violate the constraint given tuple l(5,10) lie in the interval [5,10]. If the constraint is not violated
then we can infer that the tuples of the inaccessible relation lie outside the forbidden intervals [3,6]
and [5,10] and therefore outside the combined forbidden interval [3,10].

Let tuple l(a, b) be inserted into relation L. If a > 3 and b < 10, then the forbidden interval
for l(a, b) is contained in the union of the forbidden intervals of one or more existing tuples, and
relation R need not be accessed in order to infer that constraint C is not violated. Note, the
complete test may need to access multiple existing tuples in order to make the above inference.
An incomplete, but sufficient, test would be to check that the forbidden interval for some single
existing tuple contains the forbidden interval for the inserted tuple. That corresponds to using
a single tuple in the accessible relation as opposed to using an arbitrary number of tuples, and
was the approach taken in our initial work [GW93]. The sufficient test is linear in the number of
tuples in L whereas the complete test could be exponential, if implemented naively. With some
preprocessing, the complete test can also be evaluated in linear time [GSUW94].

The complete test for this example is the following recursive Datalog program that derives
insertion_ok if and only if the inserted tuple does not violate C, assuming that C was not violated
before the insertion.

insertion_ok :- inserted(A, B) & forbidden_int(C, D) & A > C & B < D.

forbidden_int(C, D) :- l(C, D).

forbidden_int(C, D) :- forbidden_int(C, X) & forbidden_int(Y, D) & X > Y.

□ 
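The two local tests of Example 2, written out as an added example (this is not code from the paper). It assumes the forbidden intervals are closed, as the text's [3,6] notation suggests, and that values come from a dense domain such as the reals, so touching or overlapping intervals merge; the function names are hypothetical.

```python
from typing import List, Sequence, Tuple

Interval = Tuple[float, float]  # one tuple l(X, Y) of the accessible relation L


def _is_empty(iv: Interval) -> bool:
    # l(a, b) with a > b forbids no Z at all, so inserting it can never violate C.
    return iv[0] > iv[1]


def sufficient_test(existing: Sequence[Interval], new: Interval) -> bool:
    """Single-tuple test: one existing interval alone contains the new one."""
    if _is_empty(new):
        return True
    a, b = new
    return any(c <= a and b <= d for c, d in existing)


def merge_intervals(existing: Sequence[Interval]) -> List[Interval]:
    """Union of all forbidden intervals as sorted, pairwise disjoint intervals.

    This plays the role of the recursive forbidden_int rule: two derived
    intervals are combined whenever the second starts inside the first.
    """
    merged: List[Interval] = []
    for c, d in sorted(iv for iv in existing if not _is_empty(iv)):
        if merged and c <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], d))
        else:
            merged.append((c, d))
    return merged


def complete_test(existing: Sequence[Interval], new: Interval) -> bool:
    """True iff the new interval lies inside the union of the existing ones."""
    if _is_empty(new):
        return True
    a, b = new
    return any(c <= a and b <= d for c, d in merge_intervals(existing))


def check_insert(existing: Sequence[Interval], new: Interval) -> str:
    """Classify an insertion by the cheapest test that accepts it."""
    if sufficient_test(existing, new):
        return "ok (single tuple)"
    if complete_test(existing, new):
        return "ok (combined tuples)"
    return "must consult R"


if __name__ == "__main__":
    L = [(3, 6), (5, 10)]  # the tuples used in the text
    for candidate in [(4, 5), (4, 8), (2, 7)]:  # constructed sample insertions
        print(candidate, check_insert(L, candidate))
```

Sorting dominates the cost, so this evaluates the complete test in O(n log n) rather than by enumerating combinations of tuples.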

EXAMPLE  3.  Consider  a  constraint  C  that  involves  two  variables  in  the  inaccessible  relation: 

C: panic :- l(U, V, W, Z) & r(X, Y) & U < X < V & W < Y < Z.

Intuitively, the above constraint is the forbidden interval constraint in two dimensions. A tuple in
relation R defines a point in a two dimensional space and a tuple in relation L defines a rectangular
region in this 2-D space. Constraint C requires that all the points defined by the inaccessible
relation R lie outside every rectangular region defined by the accessible tuples. Therefore, an
inserted tuple l(a, b, c, d) does not violate C if the rectangle defined by l(a, b, c, d) is contained in
the union of the rectangles defined by the existing tuples in L. The test for determining when a
rectangle is contained in a set of other rectangles can still be represented as a recursive Datalog
program. However, building the program is not as straightforward as in Example 2. In addition,
the complexity of the test is high even with preprocessing. Without preprocessing the test is
exponential in the number of tuples in L. □

4  Discussion 

In  [GSUW94]  we  identify  some  subclasses  of  conjunctive  query  constraints  with  arithmetic  compar- 
isons  for  which  the  complete  test  is  a  (recursive)  Datalog  program.  We  also  identify  some  subclasses 
where  the  complete  test  does  not  need  to  consider  multiple  tuples  from  the  accessible  relation,  but 
can  consider  tuples  one  at  a  time  (i.e.,  there  is  no  need  to  consider  combinations  of  tuples,  as 
in  Example  2).  The  test  condition  for  conjunctive  query  constraints,  including  the  subclasses,  is 
NP-complete.  However,  in  at  least  some  cases,  the  exponential  behavior  is  only  in  the  size  of  the 
constraint  specifications,  which  we  believe  will  be  relatively  small.  In  other  cases  the  tests  may  be 
exponential  in  the  size  of  the  database  or  the  number  of  constraints  in  the  system.  In  such  cases 
sufficient  tests,  instead  of  complete  tests,  may  be  preferable. 

For conjunctive query constraints that use function symbols like +, − (instead of only arithmetic
comparisons), the complete test is an implication condition where both sides of the implication use
disjunction and the function symbols. Even though the implication condition can be derived in
time exponential in the size of the constraint, evaluating the implication may be undecidable or
have very high complexity. However, for some subclasses the ideas outlined in this paper can be
extended to derive sufficient decidable tests.

5  Future  Research  Directions 

Many  interesting  avenues  remain  unexplored  in  making  constraint  checking  efficient  following  the 
framework  we  outlined  above.  We  plan  to: 

•  Consider  more  expressive  constraint  languages.  Aggregate  functions  like  MAX,  SUM,  AVG,  etc. 
make  the  constraints  more  general.  For  instance,  we  might  want  a  constraint  requiring  the 
average  gradepoint  of  a  graduating  student  to  be  at  least  3. 

• Use different amounts and type of information. For instance, constraint C1 might be checked
using constraints C2 and C3, possibly together with some functional dependency information.

In  distributed  database  systems,  such  algorithms  can  be  used  to  increase  the  amount  of 
constraint  checking  that  can  be  done  locally,  without  accessing  remote  data. 

• Devise algorithms to efficiently perform local tests. As the examples in this paper illustrate,
the test conditions often have high complexity. Techniques from constraint logic programming,
operations research, and other areas provide ways of evaluating the tests efficiently.
For instance, in Examples 2 and 3, algorithms from computational geometry are useful for
efficient evaluation.

•  For  constraints  where  the  complexity  of  local  checking  is  inherently  very  high,  it  is  useful  to 
look  for  sufficient  tests  that  are  efficient  to  implement  even  though  they  may  not  be  complete. 
Abstract

We prove positive and negative results on the expressive power of the relational calculus
augmented  with  linear  constraints.  We  show  non-expressibility  of  some  properties  expressed 
by  polynomial  constraints.  We  also  show  expressibility  of  some  queries  involving  existence 
of  lines,  when  the  query  output  has  a  simple  geometrical  relation  to  the  input.  Finally, 
we  compare  the  expressive  power  of  linear  vs.  polynomial  constraints  in  the  presence  of  a 
discrete  order. 


1  Introduction 

An active area of recent research is concerned with integrating constraints into logical formalisms
for programming languages [DG,JL87,Ma87,Sa] and database query languages [BJM93,KKR90,
Kup90,Kup93,Re90]. Constraints are incorporated in logic programming systems such as CLP,
Prolog III and CHIP. The class of linear constraints is of particular interest, because of its
applicability and the potential for efficient implementation [HJLL90,JL87,La90].

Kanellakis et al. [KKR90] describe a methodology to combine constraint programming with
database query languages. They propose several generalizations of the traditional relational
database calculus (first-order logic). One of the more powerful languages described in [KKR90]
is the relational calculus augmented with polynomial constraints, FO+poly. This language is
powerful enough to express many geometric problems, and has NC data complexity; however,
the complexity of quantifier elimination (over real closed fields) makes it impractical for most
purposes. A natural question therefore is to ask what happens if constraints are restricted to be
linear.

†National Technical University of Athens, Computer Science Division, Heroon Politechniou 9, 157 73
Zographou, Athens, Greece; afrati@theseas.ntua.gr.

In this paper we study the expressive power of the relational calculus augmented with linear
constraints, FO+linear. We first give some negative results, showing that there exist properties
in FO+poly which are not expressible in FO+linear. We use the well-known technique
of Ehrenfeucht-Fraisse games [Eh61,Fr54]. We show that, when constraints are introduced to
first-order logic, games can be appropriately adapted to prove non-definability; by contrast,
techniques such as the compactness theorem (from first-order logic) or locality and 0/1 laws (from
finite model theory) fail with constraints [GS94].

A  natural  subset  of  FO+poly  singled  out  in  [KKR90]  is  FO+lines;  it  extends  FO+linear  with 
variables  ranging  over  lines.  We  show  that  there  exist  properties  in  FO+lines  which  are  not 
expressible  in  FO+linear.  We  also  show  that  some  natural  queries  in  FO+lines  can  be  expressed 
in  FO+linear  when  the  output  of  the  query  has  a  simple  geometrical  relation  to  the  input. 

Maybe the most basic query expressed by line variables is “compute the set of lines contained
in the database”. We do not know if it is expressible in FO+linear. We show, however, that it is
linear,  i.e.,  if  the  input  is  defined  by  linear  constraints,  the  output  is  defined  by  linear  constraints 
as  well.  Linearity  is  a  desirable  property  of  query  languages  with  linear  constraints,  because 
it  makes  it  possible  to  cascade  queries.  It  can  be  shown  that  queries  expressed  in  FO+linear 
are  linear.  Also,  queries  expressed  in  a  fragment  of  FO+poly  described  in  [HJLL90,  La90]  (the 
parametric  queries)  are  linear.  It  is  an  interesting  open  problem  to  find  the  most  general  fragment 
of  FO+poly  which  expresses  only  linear  queries. 

We also compare the expressiveness of linear vs. polynomial constraints in a different context,
namely in the presence of a discrete order. We show that including addition in first-order logic
increases its expressive power. Adding multiplication increases the expressive power further.
Neither is the case for Datalog, because of the availability of recursion. Results in a similar
perspective are presented in [NS93], where it is shown that no formula of first order logic using
linear ordering and the logical relation y ~ 2z can define the property that the size of a finite
model is divisible by 3.

2  Background 

Databases are subsets of the $k$-dimensional Euclidean space $\mathcal{R}^k$ ($\mathcal{R}$ is the real line). Queries
are functions from databases to databases; Boolean queries are functions from databases to
{true, false}.

FO+poly [KKR90] is the set of first-order formulas (with equality) over atomic formulas as
follows:

(i) $S(x_1, \ldots, x_k)$, meaning the point $(x_1, \ldots, x_k)$ is in the database $S$.

(ii) Polynomial constraints of the form

$$f(x_1, \ldots, x_k) \;\theta\; 0$$

where $f$ is a $k$-variable polynomial (with real coefficients) and $\theta \in \{>, =\}$.

Note that $\ge$, $\neq$ are expressed as Boolean combinations of $>$, $=$. Also, when writing FO+poly
formulas we will use abbreviations such as $x < e$ (instead of $-x + e > 0$) and $S(x + 1, y)$ (instead
of $\exists z.\{z = x + 1 \land S(z, y)\}$).

FO+linear is the subset of FO+poly obtained by restricting constraints to be linear.
Formulas of FO+poly with free variables define queries: the output is the set of tuples satisfying
the formula. Sentences define Boolean queries. If the input to a FO+poly query is defined by a
Boolean combination of polynomial constraints, the output is also defined by such a combination
[KKR90].

A linear database is a subset of $\mathcal{R}^k$ defined by a Boolean combination of linear constraints.

A  linear  query  is  a  function  from  linear  databases  to  linear  databases. 

Formulas  of  FO+linear  with  free  variables  define  linear  queries.  To  see  this,  consider  the 
formula  obtained  by  substituting  the  definition  of  the  input  (by  linear  constraints)  into  the  query 
formula.  Now  the  quantifiers  can  be  eliminated,  as  follows:  if  C  is  a  set  of  linear  constraints 

$$x > f_i, \qquad x < f_j, \qquad x = f_k, \qquad x = f_l$$

(where $x$ does not occur in the $f$'s), then the formula $\exists x. \bigwedge C$ is equivalent to the formula $\bigwedge C'$,
where $C'$ is the set of linear constraints

$$f_i < f_k = f_l < f_j.$$

Formulas of FO+poly do not in general define linear queries, as can be seen by standard
geometric arguments (consider, for instance, the set of pairs (x, y) satisfying = 1). The
parametric queries [La90,HJLL90] is a class of formulas of FO+poly which define linear queries
(by the Subsumption Theorem and variable elimination [La90]).

FO+lines is an extension of FO+linear with variables ranging over points and lines in
Atomic formulas $S(p)$, $S(l)$ mean the point $p$ (resp. the line $l$) is contained in the database $S$;
$p \in l$ means the point $p$ lies on the line $l$. It can be seen that FO+lines queries can be expressed
in FO+poly. More generally, one can consider variables of higher dimension. It can be seen that
extending FO+poly in this way does not increase its expressive power [KKR90].

3  Linear  constraints  are  less  expressive  than  polynomial 

3.1 Games and the expressiveness of FO+poly

Definition 1 The n-round Ehrenfeucht-Fraisse game is played between two players on two databases
$\mathcal{D}, \mathcal{D}' \subseteq \mathcal{R}^k$. At round $r$ player I picks a point $p_r \in \mathcal{R}$ and associates it to either $\mathcal{D}$ or $\mathcal{D}'$; player
II responds by picking $q_r \in \mathcal{R}$ and associating it to the other database.

For each $r$ let $t_r, t'_r$ be the points associated with $\mathcal{D}, \mathcal{D}'$ respectively; $\{t_r, t'_r\} = \{p_r, q_r\}$. Player
II wins the game iff

(i) $t_i = t_j$ iff $t'_i = t'_j$ and

(ii) $(t_{i_1}, \ldots, t_{i_k}) \in \mathcal{D}$ iff $(t'_{i_1}, \ldots, t'_{i_k}) \in \mathcal{D}'$.

The above condition is extended, given a set C of constraints over n variables, by the clause
(iii) $c(t_{i_1}, \ldots, t_{i_n})$ iff $c(t'_{i_1}, \ldots, t'_{i_n})$, for every constraint c in C.


The well-known theory of Ehrenfeucht-Fraisse games [Eh61,Fr54] gives the following results:

Theorem 2 Let Q be a property of databases. For each n and each finite set of linear constraints
C (over n variables), the following are equivalent:

(a) Q is not expressible in FO+linear with quantifier depth at most n and constraints
from C.

(b) There exist databases $\mathcal{D}_{n,C}, \mathcal{D}'_{n,C}$ which differ w.r.to Q such that player II wins the
n-round Ehrenfeucht-Fraisse game on $\mathcal{D}_{n,C}, \mathcal{D}'_{n,C}$.

Corollary 3 Let Q be a property of databases. The following are equivalent:

(a) Q is not expressible in FO+linear.

(b) For each n and each finite set of linear constraints C (over n variables), there
exist databases $\mathcal{D}_{n,C}, \mathcal{D}'_{n,C}$ which differ w.r.to Q such that player II wins the n-round
Ehrenfeucht-Fraisse game on $\mathcal{D}_{n,C}, \mathcal{D}'_{n,C}$.

Consider databases consisting of a subset U of the real line. We will use Corollary 3 to show:

Theorem 4 The set of databases satisfying

$$\exists x.\exists y.\,\{U(x) \land U(y) \land x^2 + y^2 = 1\}$$

is not expressible in FO+linear.

Proof: (Sketch) Given $n$ and $C$ as in Corollary 3, we will find points $\delta, \delta', \varepsilon$ such that

$$\delta^2 + \varepsilon^2 = 1$$

$$\delta'^2 + \varepsilon^2 \neq 1$$

and player II has a winning strategy for the game played on the databases

$$\mathcal{D} = \{\delta, \varepsilon\}$$

$$\mathcal{D}' = \{\delta', \varepsilon\}.$$

Let $t_r, t'_r$ be the points associated (at round $r$) with $\mathcal{D}, \mathcal{D}'$ respectively (Definition 1). For
each $r$, $0 \le r \le n$, we define sets of linear constraints $C_r, C'_r$ on the points $\{t_1, \ldots, t_r, \delta, \varepsilon\}$ and
$\{t'_1, \ldots, t'_r, \delta', \varepsilon\}$ respectively. A constraint $c(t_1, \ldots, \delta, \varepsilon)$ is in $C_r$ iff the corresponding constraint
$c(t'_1, \ldots, \delta', \varepsilon)$ is in $C'_r$. We proceed by induction on $r$:

$r = n$:
$$C_n = \{t_i = t_j : i, j = 1, \ldots, n\} \cup \{t_i = \delta : i = 1, \ldots, n\} \cup \{t_i = \varepsilon : i = 1, \ldots, n\} \cup \{c(t_{i_1}, \ldots, t_{i_n}) : \text{where } c \in C,\ 1 \le i_j \le n\}.$$

$0 \le r < n$:
$$C_r = \{t_i = t_j : i, j = 1, \ldots, r\} \cup \{t_i = \delta : i = 1, \ldots, r\} \cup \{t_i = \varepsilon : i = 1, \ldots, r\} \cup \{c(t_{i_1}, \ldots, t_{i_n}) : \text{where } c \in C,\ 1 \le i_j \le r\} \cup A,$$

where $A$ is the set of constraints obtained by eliminating $t_{r+1}$ from the set $C_{r+1}$.

We say that $C_r, C'_r$ are equisatisfied iff a constraint in $C_r$ is true just in case the corresponding
constraint in $C'_r$ is true.

Claim: If $C_r, C'_r$ are equisatisfied, then for any choice of $t_{r+1}$ (resp. $t'_{r+1}$) there is a choice of
$t'_{r+1}$ (resp. $t_{r+1}$) such that $C_{r+1}, C'_{r+1}$ are equisatisfied.

It follows that, if $C_0, C'_0$ are equisatisfied, player II can play so that $C_n, C'_n$ are equisatisfied.
I.e., by the definition of $C_n$ player II can win the n-round game, since

$$x \in \mathcal{D} \text{ iff } x = \delta \lor x = \varepsilon$$

(resp. $x \in \mathcal{D}'$ iff $x = \delta' \lor x = \varepsilon$).

We now show how to pick $\delta, \delta', \varepsilon$ so that $C_0, C'_0$ are equisatisfied. Write the constraints in $C_0$
in the form $\delta \;\theta\; f_m(\varepsilon)$ where $\theta \in \{>, <, =\}$. Pick $\varepsilon$ so that $f_m(\varepsilon)^2 + \varepsilon^2 \neq 1$ for every $m$. Pick $\delta$ so
that $\delta^2 + \varepsilon^2 = 1$. Now $\delta \neq f_m(\varepsilon)$ for every $m$, and by choosing $\delta'$ close enough to $\delta$ we can make
sure that $C_0, C'_0$ are equisatisfied. ■

3.2  The  expressiveness  of  FO+lines 

We  consider  databases  consisting  of  a  binary  relation  S.  The  Boolean  query  in-line  asks  whether 
S  is  contained  in  a  line.  It  is  expressible  in  FO+poly,  by  the  formula 

$$\exists u.\exists v.\exists w.\forall x.\forall y.\,\{S(x, y) \rightarrow ux + vy + w = 0\}.$$

In particular, it is expressible in FO+lines by the formula

$$\exists l.\forall p.\,\{S(p) \rightarrow p \in l\}.$$

Theorem 5 The in-line query is not expressible in FO+linear.

Proof: We show that, if the in-line query is expressible in FO+linear, then the set of tuples
$(x, y, z)$ satisfying $z = xy$ is definable in FO+linear; the latter can be shown to be false.

Given $x, y, z$, let $S$ be a binary relation containing three tuples:

$$S = \{[1, x], [0, 0], [y, z]\}.$$

It is easy to verify that the three points are on a line if and only if $z = xy$. ■


4  Expressibility  of  some  FO+lines  queries 

We consider databases consisting of a binary relation S. The Boolean query exists-line asks
whether S contains a line; it is expressible in FO+lines by the formula

$$\exists l.\,S(l).$$

The more general lines query returns the set of lines contained in S. The output of lines is a set
of tuples $(u, v, w)$, each specifying the set of points $(x, y)$ satisfying $ux + vy + w = 0$. Both lines
and exists-line are expressible in FO+poly, using the formula

$$\forall x.\forall y.\,\{ux + vy + w = 0 \rightarrow S(x, y)\}.$$

The line-intersection query returns all points p which are intersections of (pairs of distinct) lines
contained in S; it is expressible in FO+lines by the formula

$$\exists l_1.\exists l_2.\,\{S(l_1) \land S(l_2) \land l_1 \neq l_2 \land p \in l_1 \land p \in l_2\}.$$

We will show that exists-line and line-intersection can be expressed in FO+linear for databases
of certain geometric shapes. We will also show that lines is a linear query.

Definition 6 A two-slope database $S(x, y)$ has the form

$$(x > \beta_1 \land y < \alpha_1 x + s_1)$$

$$\lor\ (\beta_2 < x < \beta_1 \land y < \gamma)$$

$$\lor\ (x < \beta_2 \land y < \alpha_2 x + s_2)$$

(see Figure 1).

A two-slope database contains a line iff $\alpha_1 \ge \alpha_2$.

Theorem 7 The exists-line query is expressible in FO+linear for two-slope databases.

Proof: (Sketch) Let $\varphi$ be the formula

$$\exists z.\exists w.\,\{\lnot S(x, z) \land \lnot S(-x, w) \land z + w < y \land x > b_1 \land -x < b_2\}.$$

Suppose S is a two-slope database with parameters $\alpha_1, \alpha_2, \beta_1, \beta_2, s_1, s_2, \gamma$ as in Definition 6. For
$b_1 > \beta_1$, $b_2 < \beta_2$, the formula $\varphi$ is equivalent to

$$y > (\alpha_1 - \alpha_2)x + s_1 + s_2$$

$$x > b_1, -b_2.$$

It follows that, for $b_1 > \beta_1$, $b_2 < \beta_2$, the formula $\forall y.\exists x.\varphi$ is true iff $\alpha_1 - \alpha_2 < 0$ (since $b_2 < b_1$
implies $x > 0$).

Now the formula

$$\exists \beta_1.\exists \beta_2.\forall b_1.\forall b_2.\,\{(b_1 > \beta_1 \land b_2 < \beta_2) \rightarrow (\forall y.\exists x.\varphi)\}$$

is true iff $\alpha_1 - \alpha_2 < 0$, i.e., iff S does not contain a line. ■

Theorem 8 The line-intersection query is expressible in FO+linear for databases consisting of
at most two lines.

Proof: (Sketch) Suppose S consists of exactly two lines, neither parallel to the x-axis, intersecting
at $(a, b)$ (it is easy to remove these assumptions). The database


consists of two points $(x_1, y_1)$, $(x_2, y_2)$ (see Figure 2). By a simple geometrical argument,


$$x_1 + x_2 = 2a - 1$$
$$y_1 + y_2 = 2b.$$

Therefore, the formula

$$\exists x_1.\exists y_1.\exists x_2.\exists y_2.\,\{S'(x_1, y_1) \land S'(x_2, y_2) \land (x_1 \neq x_2 \lor y_1 \neq y_2)$$

A  u  =  Av  = 

is true iff $(u, v) = (a, b)$. ■

Theorem  9  The  lines  query  is  linear. 

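Proof: (Sketch) Write $S(x, y)$ in conjunctive normal form: $\bigwedge_i \bigvee_j C_{ij}(x, y)$, where $C_{ij}$ is a linear
constraint. Write the formula

$$\forall x.\forall y.\,\{ux + vy + w = 0 \rightarrow S(x, y)\}$$

in the form

$$\forall x.\,\Big\{\bigwedge_i \bigvee_j C_{ij}\big(x, -\tfrac{ux + w}{v}\big)\Big\},$$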

equivalently 

A{-.3x.(A 

(it is easy to deal with the case $v = 0$). Now consider eliminating $x$ from the set of linear
constraints $\bigwedge_j \lnot C_{ij}\big(x, -\tfrac{ux + w}{v}\big)$. Eliminating $x$ from

$$d_1 x + d_2\left(-\frac{ux + w}{v}\right) + d_3 \;\theta\; 0$$

gives, after simplification and cancellation of a common factor $v$, a constraint

$$(d_2 d'_3 - d'_2 d_3)u + (d_3 d'_1 - d'_3 d_1)v + (d_1 d'_2 - d'_1 d_2)w \;\theta\; 0$$

which is linear in the free variables of the query, $u, v, w$. ■


5  Addition,  multiplication,  and  discrete  order 

In  this  section  we  consider  first-order  logic  and  Datalog  with  a  discrete  (linear)  order.  We  denote 
by FO (FO(<), FO(<,+), FO(<,+,×)) first-order logic with equality (and order, and addition,
and  multiplication).  We  use  corresponding  notation  for  Datalog  and  the  corresponding  extensions. 
The  version  of  Datalog  we  are  considering  allows  first-order  queries  on  the  input  predicates. 
It is easy to see that Datalog(<,+) = Datalog(<). We first use < and negation to define a
successor relation succ. Addition can then be defined as a ternary predicate, PLUS, as follows:

PLUS(0, x, x)

PLUS(x', y, z') ← succ(x, x') ∧ succ(z, z') ∧ PLUS(x, y, z).

Further, Datalog(<,+,×) = Datalog(<,+). Multiplication can be easily defined as a ternary
predicate, MULT, using + as follows:

MULT(0, x, 0)

MULT(x', y, z') ← succ(x, x') ∧ z' = z + y ∧ MULT(x, y, z).

Therefore, in the presence of discrete order, recursion can be used to show that addition and
multiplication do not add expressive power to Datalog. We next see that this is not the case
in first-order logic. The following query is (i) not expressible in FO(<), but (ii) expressible in
FO(<,+).

Example 10 Consider the schema $\sigma = (R)$, where R is a binary relation. The universe is the
set of natural numbers. The query answers true if and only if (i) the cardinality of the projection
of R on the first attribute, $R_1$, is even, and (ii) the second projection of R, $R_2$, contains the order
of x in $R_1$ (i.e. $R(x, y)$ iff x is the $y^{\text{th}}$ element of $R_1$).

It is easy to express the query in FO(<,+).

$$(\forall x_1\, x_2\, y_1\, y_2\ (\lnot\exists x\,((x_1 < x < x_2) \land R_1(x)) \land R_1(x_1) \land R_1(x_2) \land R(x_1, y_1) \land R(x_2, y_2)) \rightarrow (y_2 = y_1 + 1))$$

$$\land\ \min\nolimits_{R_2}(1) \land \exists n\,(\max\nolimits_{R_2}(n) \land \exists m\,(n = m + m)).$$

Here $\min_{R_2}(1)$ expresses the fact that the smallest element in the second column of R is 1
and $\max_{R_2}(n)$ the fact that the largest element in the second column of R is n. The proof that
it cannot be expressed in FO(<) is based on Ehrenfeucht-Fraisse games.

The query “is the cardinality of the domain a prime number” is expressible in FO(<,+,×)
but not in FO(<,+). We can therefore conclude with the following result.


Theorem 11


FO ⊂ FO(<) ⊂ FO(<,+) ⊂ FO(<,+,×)

Datalog ⊂ Datalog(<) = Datalog(<,+) = Datalog(<,+,×)
1 Introduction

Database query languages, such as SQL and Coral [RSS92], use the grouping construct in conjunction with
aggregate operations (such as min, max, sum, count and average) to obtain summary information from the
database. These database query languages also allow constraints on values, such as the results of aggregate
operations, to restrict the collection of answers to a query. As an example, consider the following program/query
pair (using the notation of [MPR90]):

q_depts(Dept, M1, M2, C, S) :- groupby(employee(Emp, Dept, Sal), [Dept],

[M1 = min(Sal), M2 = max(Sal), C = count(Sal), S = sum(Sal)]),

C < 10, M1 > 0, M2 < 10000.

Query: ?- q_depts(D, M1, M2, C, S).

Intuitively, the program rule scans all tuples in the employee relation (the first argument of the groupby), and for
each department (the variable within [ ] in the second argument of the groupby), computes the min, max, count
and sum of the salaries of the employees in that department. Tuples corresponding to departments where the
minimum salary is > 0, where the maximum salary is < 10000 and where the number of employees is < 10 are
answers to the query ?- q_depts(D, M1, M2, C, S).

The variables M1, M2, C and S are related by the fact that they are all obtained by performing an aggregate
operation on the same multiset. Thus, constraints such as M1 ≤ M2 are implicitly present on this set of
variables, and act in conjunction with the other explicitly specified constraints on these variables.

*The contact author’s address is Divesh Srivastava, AT&T Bell Laboratories, Room 2C-404, 600 Mountain Avenue, P.O. Box
636, Murray Hill, NJ 07974, USA.
the AT&T Foundation, and by a David and Lucile Packard Foundation Fellowship in Science and Engineering.

A fundamental operation on any constraint domain is checking if a conjunction of constraints is solvable.
Given a query ?- q_depts(D, M1, M2, C, S), S > 100000, it is possible to determine that there are no answers to
this query. To do this, we need to determine that the conjunction of (aggregation) constraints:

min(S) > 0 ∧ count(S) < 10 ∧ max(S) < 10000 ∧ sum(S) > 100000

is unsolvable, where S can be any finite multiset of unbounded cardinality.^ The techniques described in this
paper can be used to efficiently check for solvability of such constraints.
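Why the conjunction above has no solution can be checked mechanically. The following is an added example, not the algorithm of this paper: it assumes the multiset holds integers (so each strict bound becomes an inclusive one by adding or subtracting 1), that every constraint is a simple range on one aggregate, and that the count has a finite upper bound; the function names are hypothetical.

```python
import math
from typing import Optional, Tuple

INF = math.inf
Range = Tuple[float, float]  # inclusive bounds; -INF / INF mean "unbounded"


def sum_range(n: int, min_r: Range, max_r: Range) -> Optional[Range]:
    """Smallest and largest sum of an n-element integer multiset whose minimum
    lies in min_r and whose maximum lies in max_r, or None if none exists."""
    if n < 1:
        return None  # min and max are undefined on the empty multiset
    (mlo, mhi), (Mlo, Mhi) = min_r, max_r
    if n == 1:
        # The single element is both the minimum and the maximum.
        lo, hi = max(mlo, Mlo), min(mhi, Mhi)
        return (lo, hi) if lo <= hi else None
    if mlo > mhi or Mlo > Mhi or mlo > Mhi:
        return None  # no pair (min, max) with min <= max fits the ranges
    # Smallest sum: n-1 copies of the least minimum plus the least legal maximum.
    smallest = (n - 1) * mlo + max(Mlo, mlo)
    # Largest sum: n-1 copies of the greatest maximum plus the greatest legal minimum.
    largest = min(mhi, Mhi) + (n - 1) * Mhi
    return (smallest, largest)


def solvable(min_r: Range, max_r: Range,
             count_r: Tuple[int, int], sum_r: Range) -> Optional[int]:
    """Return a cardinality n for which some integer multiset meets all four
    range constraints, or None when the conjunction is unsolvable."""
    clo, chi = count_r
    for n in range(max(1, clo), chi + 1):
        r = sum_range(n, min_r, max_r)
        # Every integer between the two extremes is reachable, so the
        # conjunction is solvable iff the two ranges overlap.
        if r is not None and r[0] <= sum_r[1] and sum_r[0] <= r[1]:
            return n
    return None


if __name__ == "__main__":
    # min(S) > 0, max(S) < 10000, count(S) < 10, sum(S) > 100000 over integers
    print(solvable((1, INF), (-INF, 9999), (0, 9), (100001, INF)))  # None
    # Constructed variant with a weaker bound on the sum: sum(S) >= 80000
    print(solvable((1, INF), (-INF, 9999), (0, 9), (80000, INF)))   # 9
```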

Checking solvability of aggregation constraints can be used much like checking solvability of ordinary
arithmetic constraints in a constraint logic programming system. Aggregate operations are typically applied only
after multisets have been constructed. However, checking solvability of aggregation constraints even before the
multisets have been constructed can be used to restrict the search space by not generating subgoals that are
guaranteed to fail, as illustrated by the above program.

The  contributions  of  this  paper  are  as  follows: 

•  We  introduce  a  new  constraint  domain,  aggregation  constraints,  which  is  extremely  useful  in  database 
query  languages  and  in  constraint  logic  programming  languages  that  incorporate  aggregate  operations 
[MS94]  (Section  2). 

•  We  discuss  the  factors  that  determine  the  complexity  of  checking  for  the  solvability  of  conjunctions  of 
aggregation  constraints.  Further,  we  show  intractability  results  for  checking  solvability  of  conjunctions  of 
certain  simple  kinds  of  aggregation  constraints  (Section  3). 

• We present a reduction from the domain of aggregation constraints to the domain of mixed integer/real,
non-linear arithmetic constraints (Section 4). This reduction enables us to use existing techniques to
check solvability of aggregation constraints. However, these techniques cannot be in polynomial time since
checking solvability of aggregation constraints is intractable in general. We point out interesting special
cases of aggregation constraints where the reduction-based approach does, in fact, allow for tractable checks
for solvability.

• We describe a polynomial-time algorithm that checks for solvability of a useful class of aggregation
constraints, where the reduction-based approach generates non-linear, mixed integer/real constraints. Our
technique operates directly on the aggregation constraints, rather than on the reduced form; it is not clear
how to operate directly on the reduced form to attain the same complexity.

Our  work  provides  the  foundations  of  the  area  of  aggregation  constraints.  We  believe  there  is  a  lot  of 
interesting  research  to  be  done.  To  illustrate  the  possibilities,  consider  the  following  example.  Given  a  query 
?- q_depts(D, _, M2, _, _), M2 > 5000, i.e., the user is interested only in departments where the maximum salary
is  >  5000,  this  constraint  can  be  used  as  a  filter  on  the  tuples  of  the  underlying  employee  relation;  employee 
tuples  that  do  not  satisfy  this  criterion  need  not  be  considered  for  the  groupby  operation.  This  fact  has  been 
noted  by  Sudarshan  and  Ramakrishnan  [SR91]  and  by  Levy  et  al.  [LMS94],  who  look  at  some  simple  cases  of 
query  optimization  in  the  presence  of  aggregate  operations.  Using  more  general  aggregation  constraints  in  such 
situations  remains  to  be  studied. 


2  Syntax  and  Semantics 

In  this  section,  we  present  an  overview  of  the  syntax  and  semantics  of  aggregation  constraints. 

The primitive terms of this constraint domain are integer constants, real constants and aggregation terms,
which are formed using aggregate functions on multiset variables that range over finite multisets. Thus, 7, 3.142
and max(S) are primitive terms, where S is a multiset variable that ranges over finite multisets. For simplicity,
we do not allow integer and real-valued variables as primitive terms in our treatment.^ Complex terms are
constructed using primitive terms and arithmetic functions such as +, * and /. Thus, min(S1) + max(S2) −
3.142 * count(S3) is a complex term.

^The cardinality of the multiset S depends on the number of employees in a given department, which can be unbounded.

A primitive aggregation constraint is constructed using complex terms and arithmetic predicates such as
<, ≤, =, >, ≥. Thus, sum(S1) < min(S1) + max(S2) + 3 is a primitive aggregation constraint. Complex
aggregation constraints can be constructed using conjunctions and disjunctions of primitive aggregation
constraints, in the usual manner. In the sequel, we often use “aggregation constraints” to loosely refer to primitive
aggregation constraints.

The  fundamental  problem  that  we  are  interested  in,  in  this  paper,  is  as  follows: 

Solvability: Given a conjunction C of primitive aggregation constraints, does there exist an assignment
σ of finite multisets to the multiset variables in C, such that Cσ is satisfied?

Checking  for  solvability  of  more  complex  aggregation  constraints  can  be  reduced  to  this  fundamental  problem. 
The  other  important  problems  of  checking  implication  (or  entailment)  and  equivalence  of  pairs  of  conjunctions  of 
aggregation  constraints  can  be  reduced  to  checking  solvability  of  (collections  of  other)  conjunctions  of  aggregation 
constraints,  in  polynomial-time. 

3  Complexity  of  Solvability 

We present some intractability results for checking solvability of conjunctions of certain simple kinds of
aggregation constraints to illustrate the difficulty of the problem in general.

There is a straightforward linear-time, linear-space reduction from integer arithmetic constraints to
aggregation constraints, where (1) the multiset elements can be from any domain, and (2) only the count aggregate
function needs to be used. For each (integer) variable X_i in the conjunction of integer arithmetic constraints,
the reduction algorithm creates two new multiset variables S_{i1} and S_{i2}, and replaces each occurrence of X_i
by count(S_{i1}) − count(S_{i2}). The difference of counts is needed to simulate negative integers. Similarly, if the
multisets range over integers, we can create one new multiset variable S_i for each integer variable X_i, and replace
each occurrence of X_i by min(S_i) (or max(S_i) or sum(S_i)).

It  is  easy  to  see  that  the  resulting  conjunction  of  aggregation  constraints  is  solvable  iff  the  original  conjunction 
of  integer  arithmetic  constraints  is  solvable.  Further,  the  algorithm  preserves  the  linear/non-linear  nature  of  the 
original  integer  arithmetic  constraints.  Since  checking  for  solvability  of  integer  linear  arithmetic  constraints  is 
NP-complete [Sch86], we have the following result:

Theorem 3.1 Checking solvability of a conjunction of linear aggregation constraints involving just the count
aggregate function is NP-hard. If the multiset elements are drawn from the integers, then checking solvability of
a conjunction of linear aggregation constraints involving just min or max or sum is NP-hard. □

3.1  Special  Cases:  A  Taxonomy 

Although checking for solvability of aggregation constraints is NP-hard in the general case, there are many special
cases that are tractable. We present below several factors that determine complexity, and in later sections present
tractable special cases defined on the basis of these factors.

^If desired, these can be simulated using the primitive terms allowed; for example, a real-valued variable X_i can be
replaced by min(S_i), where S_i is a new multiset variable that ranges over finite multisets of reals.


Domain  of  multiset  elements  :  This  determines  the  feasible  assignments  to  the  multiset  variables  in  checking 
for  solvability.  Possibilities  include  integers  and  reals;  correspondingly,  the  multiset  variables  range  over 
finite  multisets  of  integers  or  reals.  In  general,  restricting  the  domain  to  integers  increases  the  difficulty  of 
the  problem. 

Aggregate functions : This determines the possible aggregation terms that are allowed. Possibilities include
min,  max,  sum,  count,  average,  etc.  In  general,  the  complexity  of  checking  for  solvability  increases  if  more 
aggregate  functions  are  allowed. 

Class  of  constraints  :  This  determines  the  form  of  the  primitive  aggregation  constraints  considered,  which 
affects  the  complexity  of  the  solvability  problem.  There  are  at  least  two  factors  that  are  relevant: 

1. Linear vs. Non-linear constraints: Checking for solvability of linear constraints is, in general, easier
than for non-linear constraints. By restricting the form even further, such that each primitive aggregation
constraint has at most one or two aggregation terms, the problem can become even simpler.

2. Constraint predicates allowed: The complexity of checking for solvability also depends on which
types of the constraint predicates are allowed. We can choose to allow only equational constraints (=)
or add inequalities (<, ≤) or possibly even disequalities (≠). In general, the difficulty of the solvability
problem increases with each new type.

Separability  :  This  also  determines  the  form  of  the  primitive  aggregation  constraints  considered.  The  two 
possible  dimensions  in  this  case  are: 

1. Multiset variables: A conjunction of primitive aggregation constraints is multiset-variable-separable
if each primitive aggregation constraint involves only one multiset variable. For example, the
conjunction min(S_1) + max(S_1) < 5 ∧ sum(S_2) > 10 is multiset-variable-separable, while min(S_1) +
min(S_2) < 10 is not. In general, multiset-variable-separability makes the solvability problem easier
since one can check solvability of the aggregation constraints separately for each multiset variable.

2. Aggregate functions: A conjunction of primitive aggregation constraints is aggregate-function-separable
if each primitive aggregation constraint involves only one aggregate function. For example,
the conjunction min(S_1) < min(S_2) ∧ sum(S_1) > sum(S_2) + 2 is aggregate-function-separable,
although it is not multiset-variable-separable.


4  A  Reduction-based  Approach  To  Solvability 

Our first approach to checking for the solvability of a conjunction of aggregation constraints is to try and reduce
aggregation constraints to an existing constraint domain. The advantage of this approach is that, if successful,
solvability checking techniques from previously known constraint domains can be used to check for solvability in
our novel constraint domain. In this section, we present some preliminary results in this direction.

The key idea behind our reduction algorithm is to add to the conjunction of aggregation constraints a complete
set of relationships between the aggregate operations on a single multiset. The intuition here is that the
constraint domain of “aggregation constraints” only allows primitive aggregate operations on individual
multisets. Interactions between different multisets is possible only via arithmetic constraints between the results
of the aggregate operations on individual multisets. Consequently, relationships between the results of
aggregate operations on different multisets can be inferred using techniques from the domain of ordinary arithmetic
constraints (see [Sch86]).


Theorem 4.1 The following relationships provide a correct, complete and minimal axiomatization of the
relationships between the aggregate operations min, max, sum, count and average on a single multiset S.

(1) count(S) is an integer ≥ 0.

(2) if (count(S) = 0) then min(S) and max(S) are undefined.*

(3) if (count(S) > 0) then min(S) ≤ max(S).

(4) if (count(S) = 0) then sum(S) = 0.

(5) if (count(S) > 0) then (count(S) − 1) * min(S) + max(S) ≤ sum(S).

(6) if (count(S) > 0) then sum(S) ≤ min(S) + (count(S) − 1) * max(S).

(7) if (count(S) = 0) then average(S) is undefined.

(8) if (count(S) > 0) then sum(S) = average(S) * count(S).

Proof: We first prove correctness and completeness of the set of relationships (1)-(8).

The multiset S clearly has 0 or more elements. If S has 0 elements, relationships (2), (4) and (7) are obviously
correct and complete. If S has 1 element, then S can be represented as {X_1}. In this case, we have:

min(S) = X_1 ∧ max(S) = X_1 ∧ sum(S) = X_1 ∧ average(S) = X_1.

Projecting out the variable X_1, we have:

min(S) = max(S) ∧ min(S) = sum(S) ∧ min(S) = average(S).

It is easy to verify that the conjunction of relationships (3), (5), (6) and (8) is equivalent to the above
conjunction, when count(S) = 1.

If S has n ≥ 2 elements, then S can be represented as {X_1, X_2, ..., X_n}, where X_1 ≤ X_2 ≤ ... ≤ X_n. In this
case, we have min(S) = X_1 ∧ max(S) = X_n ∧ sum(S) = X_1 + X_2 + ... + X_n ∧ average(S) = sum(S)/n.
Aggregation constraints involving min, max, sum, count or average do not allow direct reference to any of the
values X_2, ..., X_{n−1}. Without loss of generality, we can assume that m ≤ n − 2 of these values are identical (say
= X_2) and n − m − 2 of these values are identical (say = X_{n−1}), where X_1 ≤ X_2 ≤ X_{n−1} ≤ X_n. Consequently,
we can simplify the above relationships as follows:

X_1 ≤ X_2 ∧ X_2 ≤ X_{n−1} ∧ X_{n−1} ≤ X_n ∧

min(S) = X_1 ∧ max(S) = X_n ∧ average(S) = sum(S)/n ∧

sum(S) = X_1 + m * X_2 + (n − m − 2) * X_{n−1} + X_n,

where 0 ≤ m ≤ n − 2. We can now replace the variables X_1 and X_n by min(S) and max(S). Since X_2 and
X_{n−1} cannot be directly referenced in the aggregation constraints, and the only other constraints known about
these variables are their bounds, we can project them out to obtain:

min(S) ≤ max(S) ∧ sum(S) = average(S) * n ∧

sum(S) ≤ min(S) + (n − 1) * max(S) ∧ sum(S) ≥ (n − 1) * min(S) + max(S).

It is easy to verify that the conjunction of relationships (3), (5), (6) and (8) is equivalent to the above
conjunction, when count(S) = n. This completes the proof of correctness and completeness. Minimality follows from
the fact that none of the relationships is entailed by the others. □

*An alternative suggestion, made in [RS92], is to take min(∅) = ∞ and max(∅) = −∞. While this is useful in an inductive
characterization of the min and max aggregate operations, it violates our intuition that min(S) ≤ max(S).

*If the elements of the multiset S are drawn from the reals, we can assume that all the n − 2 values X_2, ..., X_{n−1} are identical.
If the elements are drawn from the integers, we may need two distinct values X_2 and X_{n−1}, such that there are m ≤ n − 2 copies
of X_2 and n − m − 2 copies of X_{n−1}. The reason for this has to do with computing the sum of all the elements of the multiset.

Other relationships between the results of aggregate operations can be inferred using these basic relationships.
For example, we can infer that count(S) = 1 implies that min(S) = max(S). Similarly, we can infer that the
constraint max(S) < average(S) is unsolvable.

The above reduction results in non-linear, mixed integer/real constraints, even when applied to linear
aggregation constraints. Such constraints are harder to solve than linear constraints.

Consider the linear aggregation constraint min(S) = max(S), where S ranges over finite multisets of
reals/integers. For this aggregation constraint to be solvable, min(S) and max(S) must be defined. Hence, this
implies the additional constraint (count(S) > 0) ∧ (sum(S) = count(S) * max(S)). Since the values of min(S)
and max(S) are not constrained any further, this is not equivalent to any finite collection of linear constraints.
The following theorem formalizes this idea.

Theorem 4.2 There is no finite collection of linear arithmetic constraints over the reals and integers that
correctly and completely axiomatizes the relationships between the aggregate operations min, max, sum and
count. □


4.1  Efficient  Special  Cases 

In general, checking for solvability of aggregation constraints, even after the reduction, is intractable. In this
section, we briefly describe two cases where the reduction-based approach leads to polynomial-time algorithms
for checking solvability.

The first case is when the conjunction of constraints involves only min and max. If we want such constraints
to be satisfiable, we must make the assumption that min(S) and max(S) are defined, and hence count(S) > 0.
Hence, in this case, only the relationship min(S) ≤ max(S) (which assumes count(S) > 0) needs to be added. If
the original conjunction of aggregation constraints is linear and the multiset elements are drawn from the reals,
the transformed conjunction of arithmetic constraints is also linear over the reals; solvability can now be checked
in time polynomial in the size of the aggregation constraints, using any of the standard techniques (see [Sch86])
for solving linear arithmetic constraints over the reals.

The second case is when the conjunction of linear aggregation constraints explicitly specifies the cardinality
of each multiset, i.e., for each multiset variable S_i, we know that count(S_i) = k_i, where k_i is a constant. In this
case, each of the non-linear constraints in our axiomatization can be simplified to linear constraints; checking
for solvability again takes time polynomial in the size of the aggregation constraints if the multiset elements are
drawn from the reals.

5  Linear  Separable  Aggregation  Constraints 

In this section, we examine a very useful class of aggregation constraints, and present a polynomial-time
algorithm to check for solvability of constraints in the class. Our technique operates directly on the aggregation
constraints, rather than on their reduction to arithmetic constraints. The reduced form of this class includes
mixed integer/real constraints, and is non-linear; it is not clear how to operate directly on the reduced form and
attain the same complexity as our algorithm.

We specify the class of constraints in terms of the factors, described in Section 3, that affect the complexity of
checking for solvability. We require that: (1) the domain of multiset elements is the reals, (2) the only aggregate
functions present are min, max, sum and count, (3) the constraints are linear and specified using <, ≤, =, ≥
and >, and (4) the constraints are aggregate-function-separable and multiset-variable-separable. Intuitively, the
above four restrictions ensure that we can simplify the given conjunction of aggregation constraints to range
constraints on each aggregate function on each multiset variable. In addition, we require that: (5) for each
multiset variable S_i, the ranges for min(S_i) and max(S_i) are identical. This semantic condition ensures that the
multisets can contain any finite collection of elements from the given ranges for min(S_i) and max(S_i). We refer
to this class of aggregation constraints as LS-aggregation-constraints.

Most aggregation constraints occurring in practice are multiset-variable-separable since typically a single
grouping literal appears in each rule. Only when we consider constraint propagation or fold/unfold
transformations are we likely to obtain non-multiset-variable-separable aggregation constraints. The further
restrictions for LS-aggregation-constraints are not onerous; the example in the introduction is such a constraint.

5.1  Multiset  Ranges 

The heart of our algorithm is a function Multiset_Ranges that takes three ranges, two real ranges (m_l, m_h) and
(v_l, v_h), and an integer range (k_l, k_h), along with information about whether each side of each range is open or
closed, and answers the following question:

Do there exist k > 0 numbers, k between k_l and k_h, each number between m_l and m_h, such that the
sum of the k numbers is between v_l and v_h?

For  simplicity  of  exposition,  we  present  a  special  case  of  the  algorithm  below,  where  each  range  is  assumed 
to  be  finite  (i.e.,  no  value  is  infinite),  closed  on  both  sides,  and  feasible.  The  general  case  does  not  add  to  the 
intuition,  but  makes  the  algorithm  more  verbose. 


function Multiset_Ranges (m_l, m_h, v_l, v_h, k_l, k_h)
{
    /* we assume finite numbers: k_l > 0, k_l ≤ k_h, m_l ≤ m_h and v_l ≤ v_h, and closed ranges. */

    (1) if (m_l ≤ 0 and m_h ≥ 0) then /* Case 1: includes 0. */
        (a) if (v_h < m_l * k_h or v_l > m_h * k_h) then /* sum is too low or too high. */
                return 0.
        (b) else return 1.

    (2) if (m_h < 0) then /* Case 2: m_l and m_h are both < 0. switch everything. */
        (a) temp = −m_l; m_l = −m_h; m_h = temp. /* both m_l and m_h become positive and m_l ≤ m_h. */
        (b) temp = −v_l; v_l = −v_h; v_h = temp.

    /* Case 3: m_l and m_h are both > 0. */
    (3) if (v_h < k_l * m_l or v_l > k_h * m_h) then /* sum is too low or too high. */
            return 0.

    (4) define k_1 and k_2 by v_l = k_1 * m_h − k_2, 0 ≤ k_2 < m_h.
        /* k_1 is the smallest number of possible values from [m_l, m_h], whose sum is ≥ v_l. */

    (5) define k_3 and k_4 by v_h = k_3 * m_l + k_4, 0 ≤ k_4 < m_l.
        /* k_3 is the largest number of possible values from [m_l, m_h], whose sum is ≤ v_h. */

    /* check if the [k_l, k_h] range overlaps with the [k_1, k_3] range. */
    (6) if (k_1 ≤ k_h and k_1 ≤ k_3 and k_l ≤ k_3) then
            return 1. /* the intersection gives a possible value for k */

    (7) else return 0.
}


Theorem 5.1 Function Multiset_Ranges returns 1 iff there exist k > 0 real numbers, k_l ≤ k ≤ k_h, each number
is greater than or equal to m_l and less than or equal to m_h, such that the sum of the k numbers is greater than
or equal to v_l and less than or equal to v_h.

Proof: The algorithm has three cases, based on the location of the [m_l, m_h] range with respect to zero. The
first case is when this range includes zero; in this case the sum can take any value in the continuous range
[k_h * m_l, k_h * m_h]. The second case is when the [m_l, m_h] range includes only negative numbers, and the third
case is when this range includes only positive numbers. These two cases are symmetric, and we transform the
second case into the third case, and consider only the third case in detail.

In the third case, the sum lies within the continuous range [k_l * m_l, k_h * m_h], but it cannot take all values
within this range; it can take values only from the union of the ranges [k_l * m_l, k_l * m_h],
[(k_l + 1) * m_l, (k_l + 1) * m_h], ..., [k_h * m_l, k_h * m_h]. This union of ranges need not be convex; there may be
gaps. Iff the [v_l, v_h] range lies outside the [k_l * m_l, k_h * m_h] range, or entirely within one of the gaps, then
the conjunction of constraints is unsolvable. This concludes the proof. □
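
The special case of Multiset_Ranges above, written out as runnable Python. This is an added example, not code from the paper: the exact rational arithmetic via `fractions.Fraction`, the `reference` restatement of Theorem 5.1 and the constructed test grid in `disagreements` are choices made here.

```python
from fractions import Fraction
from itertools import product
from math import ceil, floor


def multiset_ranges(m_l, m_h, v_l, v_h, k_l, k_h):
    """Special case of Multiset_Ranges: finite, closed, feasible ranges with k_l > 0.

    True iff there are k numbers, k_l <= k <= k_h, each in [m_l, m_h],
    whose sum lies in [v_l, v_h].
    """
    # Exact rationals avoid rounding errors in the ceiling/floor divisions below.
    m_l, m_h, v_l, v_h = (Fraction(x) for x in (m_l, m_h, v_l, v_h))
    if not (0 < k_l <= k_h and m_l <= m_h and v_l <= v_h):
        raise ValueError("expected feasible ranges and k_l > 0")

    # Case 1: [m_l, m_h] includes 0, so the reachable sums form the single
    # interval [k_h * m_l, k_h * m_h].
    if m_l <= 0 <= m_h:
        return not (v_h < m_l * k_h or v_l > m_h * k_h)

    # Case 2: both bounds are negative; mirror everything into Case 3.
    if m_h < 0:
        m_l, m_h = -m_h, -m_l
        v_l, v_h = -v_h, -v_l

    # Case 3: both bounds are positive.
    if v_h < k_l * m_l or v_l > k_h * m_h:
        return False              # sum is too low or too high
    k_1 = ceil(v_l / m_h)         # fewest values whose sum can reach v_l
    k_3 = floor(v_h / m_l)        # most values whose sum can stay <= v_h
    # Solvable iff [k_l, k_h] and [k_1, k_3] share an integer.
    return k_1 <= k_h and k_1 <= k_3 and k_l <= k_3


def reference(m_l, m_h, v_l, v_h, k_l, k_h):
    """Direct check: the sums of k reals from [m_l, m_h] are exactly [k*m_l, k*m_h]."""
    return any(k * m_l <= v_h and k * m_h >= v_l for k in range(k_l, k_h + 1))


def disagreements():
    """Compare both functions on a constructed grid of small integer ranges."""
    bad = []
    ms, vs, ks = range(-3, 4), range(-6, 7), range(1, 4)
    for m_l, m_h, v_l, v_h, k_l, k_h in product(ms, ms, vs, vs, ks, ks):
        if m_l <= m_h and v_l <= v_h and k_l <= k_h:
            args = (m_l, m_h, v_l, v_h, k_l, k_h)
            if multiset_ranges(*args) != reference(*args):
                bad.append(args)
    return bad


if __name__ == "__main__":
    # One value in [10, 11] sums to at most 11, two values to at least 20:
    # the target range [12, 19] lies entirely inside that gap.
    print(multiset_ranges(10, 11, 12, 19, 1, 5))   # gap, so unsolvable
    print(multiset_ranges(10, 11, 12, 20, 1, 5))   # 10 + 10 = 20, so solvable
    print(disagreements())                          # empty list when both agree
```

The first call shows the non-convexity used in the proof: the target range is inside [k_l * m_l, k_h * m_h] yet falls between the sums reachable with one and with two elements.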

5.2  Checking  for  Solvability 

Recall the class of LS-aggregation-constraints. Since the conjunction of aggregation constraints is
multiset-variable-separable, the primitive aggregation constraints can be partitioned based on the multiset variable, and
the conjunction of aggregation constraints in each partition can be solved separately; the overall conjunction is
solvable iff the conjunction in each partition is separately solvable.

By definition, we can simplify a conjunction of LS-aggregation-constraints on a single multiset variable S_i to
range constraints on each aggregate function. We can then check whether each range is feasible, and whether the
ranges for min(S_i) and max(S_i) are identical. If so, the algorithm Check_LS_Solvability that checks for solvability
first takes into account the special case of count(S_i) = 0. It then calls function Multiset_Ranges with the range
for min(S_i) (equivalently max(S_i)), the range for sum(S_i) and the range for count(S_i).

If, for each multiset variable S_i, function Multiset_Ranges returns 1, then algorithm Check_LS_Solvability
returns SOLVABLE.

Theorem 5.2 Given a conjunction of LS-aggregation-constraints, algorithm Check_LS_Solvability returns
SOLVABLE iff the conjunction is solvable.

Further, it takes time polynomial in the size of the conjunction of LS-aggregation-constraints. □

Though LS-aggregation-constraints are significantly restricted, they are strong enough to usefully entail
new aggregate constraint information. They can be used to infer information about an arbitrary aggregation
constraint, C, by determining an LS-aggregation-constraint, H, that is implied by C; any aggregation constraints
entailed by H are then also entailed by C.
6  Conclusions  and  Future  Work


We presented a new and extremely useful class of constraints, aggregation constraints. We studied the complexity
of the problem of checking for solvability of conjunctions of aggregation constraints, and described some simple
cases that are intractable. We identified interesting classes of aggregation constraints that are tractable, and
presented novel algorithms for checking for solvability.

There  are  many  interesting  directions  to  pursue.  An  important  direction  of  active  research  is  to  significantly 
extend  the  class  of  aggregation  constraints  for  which  solvability  can  be  efficiently  checked.  We  believe  that  our 
algorithm  works  on  a  larger  class  of  aggregation  constraints  than  presented  here — for  instance,  we  believe  that 
our  algorithm  will  work  correctly  even  if  we  relax  the  conditions  to  not  require  min  and  max  to  be  separated; 
characterising  this  class  will  be  very  useful. 

Combining aggregation constraints with multiset constraints that give additional information about the
multisets (using functions and predicates such as ∪, ∈, ⊆, etc.) will be very important practically.

Another  important  direction  is  to  examine  how  this  research  can  be  used  to  improve  query  optimization  and 
integrity  constraint  checking  in  database  query  languages  such  as  SQL.  Sudarshan  and  Ramakrishnan  [SR91] 
and  Levy  et  al.  [LMS94]  consider  how  to  use  simple  aggregate  conditions  for  query  optimization;  it  would 
be  interesting  to  see  how  their  work  can  be  generalized.  Stuckey  and  Sudarshan  [SS94]  present  compilation 
techniques  for  query  constraints  in  logic  programs,  essentially  extending  Magic  sets  to  handle  general  query 
constraints, not just equality constraints on queries. It would be interesting to see how to use aggregation
constraints in conjunction with their techniques.

We  believe  that  we  have  identified  an  important  area  of  research,  namely  aggregation  constraints,  in  this 
paper  and  have  laid  the  foundations  for  further  research  in  the  area. 
Abstract

Set constraints are a natural formalism for many problems that arise in program analysis. This
paper provides a brief introduction to set constraints: what set constraints are, why they are
interesting, the current state of the art, open problems, applications and implementations.


1  Introduction 

Set constraints are a natural formalism for describing relationships between sets of terms of a free
algebra. A set constraint has the form X ⊆ Y, where X and Y are set expressions. Examples of set
expressions are 0 (the empty set), α (a set-valued variable), c(X, Y) (a constructor application), and
the union, intersection, or complement of set expressions.

Recently, there has been a great deal of interest in program analysis algorithms based on solving
systems of set constraints, including analyses for functional languages [AWL94, Hei94, AW93, AM91, JM79,
MR85,  Rey69],  logic  programming  languages  [AL94,  HJ92,  HJ90b,  Mis84],  and  imperative  languages 
[HJ91].  In  these  algorithms,  sets  of  terms  describe  the  possible  values  computed  by  a  program.  Set 
constraints  are  generated  from  the  program  text;  solving  the  constraints  yields  some  useful  information 
about  the  program  (e.g.,  for  type-checking  or  optimization). 

Set constraints have proven to be a very successful formalism. On the theoretical side, rapid progress
has  been  made  in  understanding  the  algorithms  for  and  complexity  of  solving  various  classes  of  set 
constraints.  On  the  practical  side,  several  program  analysis  systems  based  either  entirely  or  partially  on 
set  constraint  algorithms  have  been  implemented.  In  addition,  the  use  of  set  constraints  has  simplified 
previously  known,  but  rather  complicated,  program  analyses  and  set  constraints  have  led  directly  to 
the  discovery  of  other,  previously  unknown,  analyses. 

Much  of  the  work  on  set  constraints  is  very  recent.  Consequently,  many  of  the  results  are  not  well 
known  outside  of  the  community  of  researchers  active  in  the  area.  The  purpose  of  this  paper  is  to 
provide  a  brief,  accessible  survey  of  the  area:  what  set  constraints  are,  why  they  are  useful,  what  is  and 
isn’t  known  about  solving  set  constraints,  the  important  open  problems,  and  likely  directions  for  future 
work.  Section  2  gives  definitions  of  the  basic  set  constraint  formalism  and  some  illustrative  examples. 
Section  3  presents  a  survey  of  results  on  the  satisfiability,  complexity,  and  solvability  of  various  set 
constraint  problems;  open  problems  are  also  discussed.  In  Section  4  a  brief,  informal  description  of
algorithms  for  solving  systems  of  set  constraints  is  given;  this  discussion  also  points  out  basic  trade-offs 
between  expressive  power  and  computational  complexity  for  various  classes  of  set  constraint  problems. 
Section  5  surveys  applications  of  set  constraints  to  program  analysis.  Section  6  concludes  with  a 
discussion  of  current  implementations  and  likely  directions  for  future  work. 

2  Set  Constraints 

Let C be a set of constructors and let V be a set of variables. Each c ∈ C has a fixed arity a(c); if
a(c) = 0 then c is a constant. The set expressions are defined by the following grammar:

E ::= α | 0 | c(E_1, ..., E_{a(c)}) | E_1 ∪ E_2 | E_1 ∩ E_2 | ¬E_1

In this grammar, α is a variable (i.e., α ∈ V) and c is a constructor (i.e., c ∈ C). Set expressions
denote sets of terms. A term is c(t_1, ..., t_{a(c)}) where c ∈ C and every t_i is a term (the base cases of
this definition are the constants). The set of all terms is the Herbrand universe H. An assignment is
a mapping V → 2^H that assigns sets of terms to variables. The meaning of set expressions is given by
extending assignments from variables to set expressions as follows:

σ(0) = ∅
σ(c(E_1, ..., E_n)) = {c(t_1, ..., t_n) | t_i ∈ σ(E_i)}
σ(E_1 ∪ E_2) = σ(E_1) ∪ σ(E_2)
σ(E_1 ∩ E_2) = σ(E_1) ∩ σ(E_2)
σ(¬E_1) = H − σ(E_1)

A system of set constraints is a finite conjunction of constraints ∧_i X_i ⊆ Y_i where each of the X_i and
Y_i is a set expression. A solution of a system of set constraints is an assignment σ such that
∧_i σ(X_i) ⊆ σ(Y_i) is true. A system of set constraints is satisfiable if it has at least one solution. The following
result was proven first in [AW92]. Simpler proofs have been discovered since [BGW93, AKVW93].

Theorem 2.1 It is decidable whether a system of set constraints is satisfiable. Furthermore, all
solutions can be finitely presented.

From  the  definition  above,  it  is  easy  to  see  that  the  set  expressions  consist  only  of  elementary  set 
operations  plus  constructors — simply  put,  it  is  a  set  theory  of  terms.  The  constraint  language  is  rich 
enough,  however,  to  describe  all  of  the  data  types  commonly  used  in  programming,  and  this  is  the 
property  that  makes  set  constraints  a  natural  tool  for  program  analysis.  For  example,  programming 
language data type facilities provide “sums of products” data types, which means simply unions of
(usually  distinct)  data  type  constructors.  All  such  data  types  can  be  expressed  as  set  constraints. 

Let X = Y stand for the pair of constraints X ⊆ Y and Y ⊆ X. Consider the constraint

β = cons(α, β) ∪ nil

If cons and nil are interpreted in the usual way, then the solution of this constraint assigns to β
the set of all lists with elements drawn from α. This example also shows that a special operation
for  recursion  is  not  required  in  the  set  expression  language — recursion  is  obtained  naturally  through 
recursive  constraints. 

The set of non-nil lists (with elements drawn from α) can be defined as γ = β ∩ ¬nil, where β is
defined as above. The set γ is useful because it describes the proper domain of the function that selects
the first element of a list; such a function is undefined for empty lists. This example also illustrates that
set constraints can describe proper subsets of standard sums of products data types.

The final example shows a non-trivial set of constraints where some work is required to derive the
solutions. Consider the universe of the natural numbers with one unary constructor succ and one
nullary constructor zero. Let the system of constraints be:

succ(α) ⊆ ¬α ∧ succ(¬α) ⊆ α

These constraints say that if x ∈ α (resp. x ∈ ¬α) then succ(x) ∈ ¬α (resp. succ(x) ∈ α). In other
words, these constraints have two solutions, one where α is the set of even integers and one where α is
the set of odd integers. The solutions are described by the following equations:

α = zero ∪ succ(succ(α))
α = succ(zero) ∪ succ(succ(α))

Note that the two solutions are incomparable; in general, there is no least solution of a system of set
constraints.

3  Results  and  Open  Problems 

The  set  constraint  language  defined  in  Section  2  is  henceforth  called  the  basic  language.  There  are 
several  interesting  extensions  to  the  basic  language,  each  of  which  substantially  alters  the  set  constraint 
problem. Three extensions are discussed in this paper: projections, function spaces, and negative
constraints. 

For every constructor $c$ of arity $n$, a family of projections $c^{-1}, \ldots, c^{-n}$ can be defined such that

$$\sigma(c^{-i}(E)) = \{ t_i \mid \exists t_1, \ldots, t_n.\ c(t_1, \ldots, t_n) \in \sigma(E) \}$$

Projections  are  used  primarily  in  set  constraint  analyses  for  logic  programming  languages  [HJ90b]. 

A separate extension is adding sets of functions $X \to Y$ to the set expressions. This is a major
change, because it not only enriches the language, but also requires a new domain. The construction
of a suitable domain with function spaces is beyond the scope of this paper; somewhat surprisingly,
however, given such a domain, set constraint techniques still apply. In an appropriate domain, the
meaning of $X \to Y$ is

$$X \to Y = \{ f \mid x \in X \Rightarrow f(x) \in Y \}$$

Function spaces are used primarily in the analysis of functional programming languages [AW93, AWL94].

Finally, negative constraints are strict containments $X \not\subseteq Y$. Negative constraints can express the
set  of  non-solutions  of  a  system  of  positive  constraints: 


Since  conjunctions  of  positive  constraints  correspond  to  an  existential  property  (i.e.,  is  any  assignment 
a  solution  of  the  constraints)  disjunctions  of  negative  constraints  can  express  universal  properties  (i.e., 
is every assignment a solution of the constraints) [AKW93, GTT93].

Four  proofs  of  decidability  of  the  satisfiability  problem  for  the  basic  language  are  known  [AW92, 
GTT92,  BGW93,  AKVW93].  Remarkably,  each  proof  is  based  on  completely  different  techniques. 
A  particularly  elegant  proof  is  due  to  Bachmair,  Ganzinger,  and  Waldmann  [BGW93];  their  result 
shows  set  constraints  are  equivalent  to  the  monadic  class,  the  class  of  first  order  formulas  with  arbitrary 
quantification  but  only  unary  predicates  and  no  function  symbols.  In  addition  to  satisfiability,  constraint 
resolution  algorithms  are  known  that  construct  explicit  representations  of  the  solutions  of  systems  of 
set  constraints  for  the  basic  language. 

The  situation  with  the  various  extensions  is  less  clear.  Table  1  summarizes  the  current  state  of 
knowledge.  Of  the  open  problems  in  Table  1,  decidability  of  the  satisfiability  of  set  constraints  with 
projections  has  been  open  for  the  longest  time  [HJ90a].  Constraint  resolution  algorithms  for  restricted 
forms  of  the  general  problem  are  known  [HJ90a,  Hei92];  the  current  state  of  the  art  permits  the  full 
basic  language  and  restricts  only  projections  [BGW93]. 

Work  on  set  constraints  extended  with  negative  constraints  has  been  motivated  in  part  because  it 
appears to be an intermediate step toward handling projections. To see this, consider the expression
$c^{-1}(c(X,Y))$. Note that if $Y = 0$, then $c(X,Y) = 0$, since constructors function as cross products.
Therefore, the meaning of this expression can be characterized as

$$c^{-1}(c(X,Y)) = \begin{cases} 0 & \text{if } Y = 0 \\ X & \text{if } Y \neq 0 \end{cases}$$

Thus, even a restricted form of projection implicitly involves negative constraints ($Y \neq 0$ in the right-hand
side above). Two independent proofs of the decidability of set constraints with negative constraints
have been discovered [AKW93, GTT93]. These are decision procedures only, however, and do not
characterize  the  solution  sets. 

Set  constraints  extended  with  function  spaces  have  been  used  to  develop  very  expressive  subtype 
inference  systems  for  functional  languages.  Currently,  constraint  solving  algorithms  for  a  fairly  general 
class  of  set  constraints  with  function  types  are  known  [AW93,  AWL94].  Damm  has  proven  the  surprising 
result  that  satisfiability  of  set  constraints  with  function  spaces  is  decidable  [Dam94]. 

Set constraint resolution algorithms are computationally expensive in general. For the basic problem,
deciding satisfiability is NEXPTIME-complete [BGW93] and even if the language is restricted to the
set operations over constants satisfiability remains NP-complete [AKVW93]. By restricting the set
operations (instead of the arity of constructors) it is possible to achieve polynomial time algorithms for
interesting classes of constraints [JM79, MR85, Hei92].

Problem                         Satisfiability    Constraint Resolution
basic                           yes               yes
basic + projections             ?                 with restrictions
basic + function spaces         yes               with restrictions
basic + negative constraints    yes               ?

Table 1: Status of set constraint problems.

4  Algorithms 

At  the  current  time,  the  literature  on  set  constraint  algorithms  is  very  diverse  in  many  dimensions, 
with  a  wide  variety  of  notation  and  algorithmic  techniques  in  use.  Unfortunately,  no  reference  provides 
a  systematic  introduction  to  more  than  a  small  portion  of  the  body  of  existing  work.  This  section 
gives  a  very  brief  and  relatively  informal  overview  of  the  basic  algorithmic  issues  in  solving  systems  of 
set constraints. For a more detailed treatment of the various algorithms, the interested reader should
consult sources listed in the bibliography.

All set constraint resolution algorithms have the same basic structure. An initial system of constraints
is systematically transformed until the constraints reach a particular syntactic solved form. In
most cases, the solved form is equivalent to one or more regular tree grammars. More precisely, the
final result is a set of equations

$$\alpha = c(X_1, \ldots, X_n) \cup \ldots \cup d(Y_1, \ldots, Y_m)$$

which can be viewed equivalently as the productions of a grammar

$$\alpha ::= c(X_1, \ldots, X_n) \mid \ldots \mid d(Y_1, \ldots, Y_m)$$

The  language  generated  by  the  tree  grammar  then  describes  the  solution  of  the  constraints. 

Unfortunately,  this  simple  explanation  of  the  solutions  of  set  constraints  is  a  bit  oversimplified.  In 
reality,  set  constraints  are  more  general  than  tree  grammars.  In  the  solutions  of  set  constraints,  this 
extra generality appears as “free” variables in the solved form equations. A free variable is one that does
not  appear  on  the  left-hand  side  of  any  equation.  Thus,  a  more  accurate  description  of  the  solutions  of 
set  constraints  is  that  they  are  tree  grammars  that  may  include  free  variables. 

At their core, all set constraint algorithms have two characteristic forms of constraints: transitive
constraints and structural constraints. Transitive constraints arise from combining upper and lower
bounds on variables:

$$X \subseteq \alpha \wedge \alpha \subseteq Y \Rightarrow X \subseteq Y$$

Because of the need to resolve transitive constraints, most interesting set constraint problems have at
least $O(n^3)$ time complexity.

Structural constraints are constraints between constructor expressions:

$$c(X_1, \ldots, X_n) \subseteq c(Y_1, \ldots, Y_n)$$

In general, there may be many incomparable solutions of such a constraint. For example, because the
semantics of a constructor is essentially a cross product, a constructor expression is $0$ if any component
is $0$, and therefore the constraint is satisfied if $X_i = 0$ for any $i$. Of course, the constraint is also satisfied
if $X_i \subseteq Y_i$ for all $i$. Thus, the complete set of solutions is

$$c(X_1, \ldots, X_n) \subseteq c(Y_1, \ldots, Y_n) \iff X_1 = 0 \vee \ldots \vee X_n = 0 \vee (X_1 \subseteq Y_1 \wedge \ldots \wedge X_n \subseteq Y_n)$$

Searching  for  a  solution  of  such  a  constraint  requires  guessing  a  disjunct  that  can  be  satisfied.  This 
non-deterministic  choice  increases  the  complexity  of  set  constraint  problems  above  the  complexity  of 
the  corresponding  tree  automata  problems.  For  example,  deciding  whether  the  language  of  one  tree 
automaton is a subset of another is complete for EXPTIME [Sei90]; solving a general system of set
constraint  inclusions  is  complete  for  NEXPTIME. 

If  it  is  known  that  the  system  of  constraints  under  consideration  has  a  least  solution  and  the  goal  is 
to compute only the least solution, then it is easy to see that the cases $X_i = 0$ need not be considered
and  the  last  case  can  be  chosen  deterministically.  Thus,  more  efficient  algorithms  are  possible  in  the 
special  case  that  a  system  of  constraints  has  a  least  solution. 
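
The transitive and structural rules above, combined with the least-solution shortcut of always taking the last disjunct, written out as a small Python solver. This is an added example, not code from the paper or from any of the cited implementations; the tuple encoding of constructor expressions, the names `solve` and `terms`, and the sample list constraints with selector variables H and T are assumptions made for the illustration.

```python
from itertools import product

# A set expression is a variable (str) or a constructor expression
# (name, (arg_var, ...)) whose arguments are variables.  A constraint is a
# pair (lhs, rhs) meaning lhs ⊆ rhs.  This encoding is an assumption of the
# example, not notation from the paper.

def is_var(e):
    return isinstance(e, str)

def solve(constraints):
    """Saturate the constraints and return (grammar, conflicts)."""
    known = set(constraints)
    work = list(known)
    conflicts = []

    def add(lhs, rhs):
        if lhs != rhs and (lhs, rhs) not in known:
            known.add((lhs, rhs))
            work.append((lhs, rhs))

    while work:
        lhs, rhs = work.pop()
        if not is_var(lhs) and not is_var(rhs):
            # Structural constraint c(X1..Xn) ⊆ d(Y1..Yn).  Only the last
            # disjunct (Xi ⊆ Yi for all i) is taken; the Xi = 0 cases are
            # not explored, so a constructor mismatch is reported.
            (c, xs), (d, ys) = lhs, rhs
            if c != d or len(xs) != len(ys):
                conflicts.append((lhs, rhs))
            else:
                for x, y in zip(xs, ys):
                    add(x, y)
            continue
        # Transitive rule: X ⊆ a and a ⊆ Y give X ⊆ Y.
        if is_var(rhs):
            for l2, r2 in list(known):
                if l2 == rhs:
                    add(lhs, r2)
        if is_var(lhs):
            for l2, r2 in list(known):
                if r2 == lhs:
                    add(l2, rhs)

    # Solved form: each variable's constructor lower bounds are its productions.
    grammar = {}
    for lhs, rhs in known:
        if is_var(rhs) and not is_var(lhs):
            grammar.setdefault(rhs, set()).add(lhs)
    return grammar, conflicts

def terms(grammar, var, height):
    """Ground terms of height <= `height` generated from `var`, as strings."""
    if height == 0:
        return set()
    out = set()
    for c, args in grammar.get(var, ()):
        for kids in product(*(terms(grammar, a, height - 1) for a in args)):
            out.add(f"{c}({', '.join(kids)})" if kids else c)
    return out

def cons(head, tail):
    return ("cons", (head, tail))

NIL, A = ("nil", ()), ("a", ())

# Constructed input: the list example from Section 2 plus selector variables.
LISTS = [
    (A, "alpha"),                        # alpha contains the constant a
    (NIL, "beta"),                       # beta = cons(alpha, beta) U nil
    (cons("alpha", "beta"), "beta"),
    (cons("alpha", "beta"), "gamma"),    # gamma: the non-nil lists
    ("gamma", cons("H", "T")),           # head/tail are taken of gamma only
]
# Same lists, but the selectors are applied to beta, which contains nil.
UNSAFE = LISTS[:3] + [("beta", cons("H", "T"))]

if __name__ == "__main__":
    grammar, conflicts = solve(LISTS)
    print(sorted(terms(grammar, "T", 3)), conflicts)
    print(solve(UNSAFE)[1])
```

The returned grammar is the solved form: each variable maps to its productions, and `terms` enumerates the language it generates up to a height bound.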

Finally, the set operators $\cap$, $\cup$, and $\neg$ play roles very similar to their roles in other logics. There are
some distributive laws involving constructors, but these are not surprising:*

$$c(X_1, \ldots, X_n) \cap c(Y_1, \ldots, Y_n) = c(X_1 \cap Y_1, \ldots, X_n \cap Y_n)$$

$$c(X_1 \cup Y_1, Z_2, \ldots, Z_n) = c(X_1, Z_2, \ldots, Z_n) \cup c(Y_1, Z_2, \ldots, Z_n)$$

$$\neg c(X_1, \ldots, X_n) = c(\neg X_1, 1, \ldots, 1) \cup \ldots \cup c(1, \ldots, 1, \neg X_n) \cup \bigcup_{d \neq c} d(1, \ldots, 1)$$

For  set  constraint  problems  with  restricted  set  operations  and  where  the  constraints  have  least  solutions, 
it  is  possible  to  design  polynomial  time  algorithms  to  compute  the  least  solution;  for  examples,  see 
[JM79, MR85, Hei92, Hei94]. If the set operations are not restricted, then it becomes possible to
describe  some  complex  sets  of  terms  very  succinctly  with  set  expressions,  which  raises  the  computational 
complexity  of  constraint  resolution  to  exponential  time. 

* As written, the law for negation appears to require that the set of all constructors $d$ such that $d \neq c$ can be enumerated
and thus the set of constructors must be finite. In fact, this restriction is not necessary, and it is a simple matter to
implement negation for infinite sets of constructors.

5 Applications

Set  constraints  have  a  long  history  and,  in  fact,  their  use  predates  the  term  “set  constraints”  by  many 
years.  The  basic  language  of  set  constraints  is  now  known  to  be  equivalent  to  the  monadic  class  of  logical 
formulas [BGW93]; the first decision procedure for the monadic class was given by Löwenheim in 1915
[Ldl5].  Within  the  realm  of  computer  science,  Reynolds  was  the  first  to  develop  a  resolution  algorithm 
for  a  class  of  set  constraints  [Rey69].  Reynolds  was  interested  in  the  analysis  and  optimization  of  Lisp 
programs.  In  this  application,  set  constraints  were  used  to  compute  a  conservative  description  of  the 
data structures in use at a program point. Using this information, a Lisp program could be optimized
by,  for  example,  eliminating  run-time  type  checks  where  it  was  provably  safe  to  do  so. 

Independently  of  Reynolds,  Jones  and  Muchnick  developed  a  different  analysis  system  for  Lisp 
programs  based  on  solving  systems  of  set  equations  [JM79].  This  analysis  was  used  not  only  to  eliminate 
dynamic type checks but also to reduce reference count operations in automatic memory management
systems  based  on  reference  counting.  Recently  Wang  and  Hilfinger  have  proposed  another  analysis 
method  for  Lisp  based  on  set  equations  [WH92]. 

A  different  set  of  applications  provide  type  inference  algorithms  for  functional  languages  that  verify 
the type correctness of a larger class of programs than the standard Hindley/Milner type system. Mishra
and  Reddy  described  a  type  system  based  on  a  set  constraint  resolution  algorithm  that  could  handle 
considerably  more  complex  constraints  than  previous  algorithms  [MR85].  Thatte  introduced  partial 
types  [Tha88],  the  type  inference  problem  for  which,  while  substantially  different  from  earlier  systems, 
is also reducible to a set constraint resolution problem. The most recent work in this area is due to
Wimmers and the author [AW93, AWL94], who provide a type inference system that generalizes the
results  in  [MR85,  Tha88].  An  implementation  of  this  last  system  is  publicly  available  (see  Section  6). 

A  natural  application  area  for  set  constraints  is  the  analysis  of  logic  programs.  The  idea  was  first 
explored  by  Mishra  [Mis84];  more  recently,  this  line  of  work  has  been  well  developed  in  a  series  of 
papers by Jaffar and Heintze [HJ90b, HJ90a, HJ92], as well as in Heintze’s thesis [Hei92]. Many of
the  techniques  developed  in  [Hei92]  have  been  fruitfully  applied  to  compile  time  analysis  in  other  areas, 
especially  the  compile-time  analysis  of  ML  programs  [Hei94]. 

6  Conclusions  and  Directions 

Interest  in  set  constraints  originally  arose  from  the  needs  of  researchers  working  in  program  analysis. 
Currently,  there  is  a  lively,  continuing  interplay  between  the  theoretical  and  practical  efforts  in  the  area. 
Future  work  is  most  likely  to  proceed  along  three  lines.  First,  the  open  problems  in  Table  1  may  be 
resolved;  in  particular,  there  is  considerable  interest  in  understanding  the  combination  of  projections 
and  the  basic  language.  Second,  efforts  to  apply  set  constraints  to  new  problems  will  lead  to  additional 
variations on the basic language. Third, there will be additional effort devoted to the efficient implementation
of set constraint resolution algorithms. This is likely to include not only new engineering
techniques, but also exploration of restricted classes of constraints for which good worst-case complexity
results can be obtained.

Besides  a  number  of  prototype  or  special  purpose  systems,  there  are  currently  two  substantial, 
complete  set  constraint  resolution  implementations,  one  by  Nevin  Heintze  at  CMU  [Hei92]  and  one 
by  the  author  and  colleagues  at  IBM.  The  latter  implementation  is  available  by  anonymous  ftp  and 
comes  with  a  type  inference  system  for  a  functional  language  based  on  solving  systems  of  set  constraints 
[AWL94]. To get this system, retrieve the file pub/personal/aiken/Illyria.tar.Z from the machine
s2k-ftp.cs.berkeley.edu.

1 Introduction

When  two  memory  accesses  refer  to  the  same  address,  and  at  least  one  of  those  accesses  is  a  write,  we  say 
there  is  a  data  dependence  between  the  accesses.  In  this  case,  we  must  be  careful  not  to  reorder  the  execution 
of  the  accesses  during  optimization,  if  we  are  to  preserve  the  semantics  of  the  program  being  optimized.  We 
therefore  need  accurate  array  data  dependence  information  to  determine  the  legality  of  many  optimizations 
for  programs  that  use  arrays.  Array  dependence  testing  can  be  viewed  as  constraint  analysis.  For  example, 
in Figure 1, determining whether or not any array element is both written by A[i, j+1] and read by A[n, j],
is equivalent to testing for the existence of solutions to the constraints shown on the right of the figure.
Since  integer  programming  is  an  NP-complete  problem,  ([GJ79]),  production  compilers  employ  techniques 
that  are  guaranteed  to  be  fast  but  give  conservative  answers;  they  might  report  a  possible  solution  when  no 
solution  exists.  We  have  explored  the  use  of  exact  constraint  analysis  methods  for  array  data  dependence 
analysis.  We  have  gone  beyond  simply  checking  for  satisfiability  of  conjunctions  of  constraints  to  being  able 
to  manipulate  arbitrary  Presburger  formulas.  This  has  allowed  us  to  address  problems  beyond  traditional 
dependence  analysis. 

In our previous papers [Pug92, PW93a], we have presented timing results for our system on a variety
of benchmark programs, and argued that our techniques are not prohibitively slow. In fact, using exact
techniques to obtain standard kinds of dependence information requires about 1% to 10% of the total time
required by simple workstation compilers that do no array data dependence analysis of any kind.

Our techniques are based on an extension of Fourier variable elimination to integers. Many other researchers
in the constraints field [Duf74, LL92, Imb93, JMSY93] have stated that direct application of
Fourier’s technique is unpractical because of the number of redundant constraints generated. We have not
experienced any significant problems with Fourier elimination generating redundant constraints, even though
we have not implemented methods suggested [Duf74, Imb93, JMSY93] to control this problem. We believe
that our extension of Fourier elimination to integers is much more efficient than that described by [Wil76].

In  this  paper,  we  summarize  some  of  the  constraint  manipulation  techniques  we  use  for  dependence 
analysis,  and  discuss  some  of  the  reasons  for  our  performance  results. 


    for i = 1 to n
      for j = i to n
        A[i, j+1] = A[n, j]

    $1 \le i_w \le j_w \le n$    (write iteration in bounds)
    $1 \le i_r \le j_r \le n$    (read iteration in bounds)
    $i_w = n$                    (first subscripts equal)
    $j_w + 1 = j_r$              (second subscripts equal)

Figure 1: Dependence testing and associated constraints

2 The Omega Test

The  Omega  test  [Pug92]  was  originally  developed  to  check  if  a  set  of  linear  constraints  has  an  integer  solution, 
and  was  initially  used  in  array  data  dependence  testing.  Since  then,  its  capabilities  and  uses  have  grown 
substantially. In this section, we describe the various capabilities of the Omega test.

The  Omega  test  is  based  on  an  extension  of  Fourier  variable  elimination  [DE73]  to  integer  programming. 
Other  researchers  have  suggested  the  use  of  Fourier  variable  elimination  for  dependence  analysis  [WT92, 
MHL91b]  but  only  as  a  last  resort  after  exact  and  fast,  but  incomplete,  methods  have  failed  to  give  decisive 
answers. We proved [Pug92] that in cases where the fast but incomplete methods of Lam et al. [MHL91b]
apply,  the  Omega  test  is  guaranteed  to  have  low-order  polynomial  time  complexity. 

2.1  Eliminating  an  existentially  quantified  variable 

The  basic  operation  of  the  Omega  test  is  the  elimination  of  an  existentially  quantified  variable,  also  referred 
to as shadow-casting or projection. For example, given a set of constraints $P$ over $x$, $y$ and $z$ that define, for
example, a dodecahedron, the Omega test can compute the constraints on $x$ and $y$ that define the shadow
of the dodecahedron. Mathematically, these constraints are equivalent to $\exists z \text{ s.t. } P$. But the Omega test is
able to remove the existentially quantified variables, and report the answer just in terms of the free variables
($x$ and $y$).

Over rational variables, projection of a convex region always gives a convex result. Unfortunately, the
same does not apply for integer variables. For example, $\exists y \text{ s.t. } 1 \le y \le 4 \wedge x = 2y$ has $x = 2$, $x = 4$, $x = 6$
and $x = 8$ as solutions. Sometimes, the result is even more complicated. For example, the solutions for $x$ in:

$$\exists i, j \text{ s.t. } 1 \le i \le 8 \wedge 1 \le j \le 5 \wedge x = 6i + 9j - 7$$

are all numbers between 8 and 86 (inclusive) that have remainder 2 when divided by 3, except for 11 and
83.

In  general,  the  Omega  test  produces  an  answer  in  disjunctive  normal  form:  the  union  of  a  finite  list  of 
clauses.  A  clause  may  need  to  describe  a  non-convex  region.  There  are  two  methods  for  describing  these 
regions: 

Stride format The Omega test can produce clauses that consist of affine constraints over the free variables
and stride constraints. A stride constraint $c \mid e$ is interpreted as “$c$ evenly divides $e$”. In this form, the
above solution could be represented as:

$$x = 8 \vee (14 \le x \le 80 \wedge 3 \mid (x + 1)) \vee x = 86$$

Projected format Alternatively, the Omega test can produce clauses that consist of a set of linear constraints
over a set of auxiliary variables and an affine 1-1 mapping from those variables to the free
variables. Using this format, the above solution could be represented as

$$x = 8 \vee (\exists a \text{ s.t. } 5 \le a \le 27 \wedge x = 3a - 1) \vee x = 86$$

These  two  representations  are  equivalent  and  there  are  simple  and  efficient  methods  for  converting  between 
them. 

2.1.1 Our extension of Fourier elimination to integers

If $\beta \le bz$ and $az \le \alpha$ (where $a$ and $b$ are positive integers), then $a\beta \le abz \le b\alpha$. If $z$ is a real variable,
$\exists z \text{ s.t. } a\beta \le abz \le b\alpha$ if and only if $a\beta \le b\alpha$. Fourier variable elimination eliminates a variable $z$ by
combining together all pairs of upper and lower bounds on $z$ and adding the resulting constraints to those
constraints that do not involve $z$. This produces a set of constraints that has a solution if and only if there
exists a real value of $z$ that satisfies the original set of constraints.

In [Pug92] and Figure 2 we show how to compute the “dark shadow” of a set of constraints: a set
of constraints that, if it has solutions, implies the existence of an integer $z$ such that the original set of
constraints is satisfied. Of course, not all solutions are contained in the dark shadow.

Eliminate $z$ from $C$, the conjunction of a set of inequalities
    $R$ = False
    $C'$ = all constraints from $C$ that do not involve $z$
    C" = C
    for each lower bound on $z$: $\beta \le bz$
        for each upper bound on $z$: $az \le \alpha$
            $C' = C' \wedge a\beta + (a - 1)(b - 1) \le b\alpha$
            % Misses $a\beta \le abz \le b\alpha < a\beta + (a - 1)(b - 1)$
            % Misses $\beta \le bz < \beta +$
        let $a_{max}$ = max coefficient of $z$ in upper bound on $z$
        for $i = 0$ to $((a_{max} - 1)(b - 1) - 1)/a_{max}$ do
            $R = R \vee C \wedge \beta + i = bz$
    % $C'$ is the dark shadow
    % $R$ contains the splinters
    % $C' \vee (\exists \text{ integer } z \text{ s.t. } R) = \exists \text{ integer } z \text{ s.t. } C$

Figure 2: Extension of Fourier variable elimination to integers


For example, consider the constraints:

$$\exists y \text{ s.t. } 0 \le 3y - x \le 7 \wedge 1 \le x - 2y \le 5$$

Using Fourier variable elimination, we find that $3 \le x \le 27$ if we allow $y$ to take on non-integer values. The
dark shadow of these constraints is $5 \le x \le 25$. In fact, this equation has solutions for $x = 3$, $5 \le x \le 27$
and $x = 29$.

In [Pug92] and Figure 2 we give a method for generating additional sets of constraints that would
contain any solutions not contained in the dark shadow. These “splinters” still contain references to the
eliminated variable, but also contain an equality constraint (i.e., are flat). This equality constraint allows us
to eliminate the desired variable exactly. For the example given previously, the splinters are:

$$\exists y \text{ s.t. } x = 3y \wedge 0 \le 3y - x \le 7 \wedge 1 \le x - 2y \le 5$$
$$\exists y \text{ s.t. } x + 1 = 3y \wedge 0 \le 3y - x \le 7 \wedge 1 \le x - 2y \le 5$$
$$\exists y \text{ s.t. } x - 5 = 2y \wedge 0 \le 3y - x \le 7 \wedge 1 \le x - 2y \le 5$$

Simplifying these produces clauses in projected form:

$$\exists y \text{ s.t. } x = 3y \wedge 1 \le y \le 5$$
$$\exists y \text{ s.t. } x = 3y - 1 \wedge 2 \le y \le 6$$
$$\exists y \text{ s.t. } x = 2y + 5 \wedge 5 \le y \le 12$$
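
Figure 2 applied to the constraints of this example, with the union of dark shadow and splinters checked against brute-force enumeration. This is an added Python example, not the Omega test's own code; the tuple encoding of constraints and every function name are assumptions, and the code assumes the eliminated variable has at least one upper bound.

```python
# A constraint (cx, cy, c0) means cx*x + cy*y + c0 >= 0; y is the variable
# being eliminated and x stays free.  This encoding is an assumption of the
# example.  Constructed input: 0 <= 3y - x <= 7 and 1 <= x - 2y <= 5.
C = [(-1, 3, 0),     # 3y - x >= 0
     (1, -3, 7),     # 3y - x <= 7
     (1, -2, -1),    # x - 2y >= 1
     (-1, 2, 5)]     # x - 2y <= 5

def holds(cs, x, y):
    return all(cx * x + cy * y + c0 >= 0 for cx, cy, c0 in cs)

def eliminate(cs):
    """Eliminate y as in Figure 2.

    Returns (real, dark, splinters).  real and dark are lists of (cx, c0)
    meaning cx*x + c0 >= 0.  A splinter (b, bx, b0) is the equality
    b*y == bx*x + b0, to be conjoined with the original constraints.
    """
    # Lower bound beta <= b*y with beta = bx*x + b0.
    lowers = [(cy, -cx, -c0) for cx, cy, c0 in cs if cy > 0]
    # Upper bound a*y <= alpha with alpha = ax*x + a0.
    uppers = [(-cy, cx, c0) for cx, cy, c0 in cs if cy < 0]
    real = [(cx, c0) for cx, cy, c0 in cs if cy == 0]
    dark = list(real)
    splinters = []
    a_max = max(a for a, _, _ in uppers)
    for b, bx, b0 in lowers:
        for a, ax, a0 in uppers:
            kx, k0 = b * ax - a * bx, b * a0 - a * b0   # b*alpha - a*beta
            real.append((kx, k0))                        # a*beta <= b*alpha
            dark.append((kx, k0 - (a - 1) * (b - 1)))
        # i = 0 .. floor(((a_max - 1)(b - 1) - 1) / a_max); empty when b == 1
        for i in range(((a_max - 1) * (b - 1) - 1) // a_max + 1):
            splinters.append((b, bx, b0 + i))            # beta + i == b*y
    return real, dark, splinters

def in_shadow(shadow, x):
    return all(cx * x + c0 >= 0 for cx, c0 in shadow)

def in_splinter(cs, splinters, x):
    """True if some splinter equality fixes an integer y that satisfies cs."""
    for b, bx, b0 in splinters:
        rhs = bx * x + b0
        if rhs % b == 0 and holds(cs, x, rhs // b):
            return True
    return False

def exact_projection(cs, xs):
    """Values of x for which an integer y exists: dark shadow or a splinter."""
    _, dark, splinters = eliminate(cs)
    return [x for x in xs if in_shadow(dark, x) or in_splinter(cs, splinters, x)]

def brute_force(cs, xs, ys):
    return [x for x in xs if any(holds(cs, x, y) for y in ys)]

if __name__ == "__main__":
    xs = range(-10, 50)
    print(exact_projection(C, xs) == brute_force(C, xs, range(-50, 50)))
```

The three splinter equalities it generates are x = 3y, x + 1 = 3y and x - 5 = 2y, the ones listed above.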


2.2  Verifying  the  existence  of  solutions 

The  Omega  test  also  provides  direct  support  for  checking  if  integer  solutions  exist  to  a  set  of  linear  constraints. 
It  does  this  by  treating  all  the  variables  as  existentially  quantified  and  eliminating  variables  until  it  produces 
a  problem  containing  a  single  variable;  such  problems  are  easy  to  check  for  integer  solutions.  The  Omega 
test incorporates several extensions over a naive application of variable elimination.

2.3 Removing redundant constraints

In the normal operation of the Omega test, we eliminate any constraint that is made redundant by any
other single constraint (e.g., $x + y \le 10$ is made redundant by $x + y \le 5$). Upon request, we can use more
aggressive  techniques  to  eliminate  redundant  constraints.  We  use  fast  but  incomplete  tests  that  can  flag  a 
constraint  as  definitely  redundant  or  definitely  not  redundant,  and  a  backup  complete  test.  This  capability 
is  used  when  verifying  implications  and  simplifying  formulas  involving  negation. 

We also use these techniques to define a “gist” operator; informally, (gist P given Q) is what is “interesting”
about P, given that we already know Q. We guarantee that $((\text{gist } P \text{ given } Q) \wedge Q) = P \wedge Q$ and try
to make the result of the gist operator as simple as possible. More formally, gist P given Q returns a subset
of the constraints of P such that none of the constraints returned are implied by the constraints of Q and the
other  constraints  in  the  result. 

2.4  Simplifying  formulas  involving  negation 

There  are  two  problems  involved  in  simplifying  formulas  containing  negated  conjuncts,  such  as 

$$-10 \le i + j,\ i - j \le 10 \wedge \neg(2 \le i,\ j \le 8 \wedge 2 \mid i + j)$$

Naively  converting  such  formulas  to  disjunctive  normal  form  generally  leads  to  an  explosive  growth  in  the 
size  of  the  formula.  In  the  worst-case,  this  cannot  be  prevented.  But  we  [PW93a]  have  described  methods 
that are effective in dealing with these problems for the cases we encounter. One key idea is to recognize
that we can transform $A \wedge \neg B$ to $A \wedge \neg(\text{gist } B \text{ given } A)$. Given several negated clauses, we simplify them all
this way before choosing one to negate and distribute.

Secondly,  previous  techniques  for  negating  non-convex  constraints,  based  on  quasilinear  constraints 
[AI91],  were  discovered  to  be  incomplete  in  certain  pathological  cases  [PW93a].  We  [PW93a]  describe  a 
method  that  is  exact  and  complete  for  all  cases. 

2.5  Simplifying  arbitrary  Presburger  formulas 

Utilizing  the  capabilities  described  above,  we  can  simplify  and/or  verify  arbitrary  Presburger  formulas. 
In  general,  this  may  be  prohibitively  expensive.  There  is  a  known  lower  bound  of  on  the  worst  case 

nondeterministic  time  complexity,  and  a  known  upper  bound  of  2^  on  the  deterministic  time  complexity, 
of  Presburger  formula  verification.  However,  we  have  found  that  we  are  able  to  efficiently  analyze  many 
Presburger  formulas  that  arise  in  practice. 

For  example,  our  current  implementation  requires  12  milliseconds  on  a  Sun  Sparc  IPX  to  simplify 

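$$1 \le i \le 2n \wedge 1 \le i'' \le 2n \wedge i = i''$$
$$\wedge\ \neg(\exists i', j' \text{ s.t. } 1 \le i' \le 2n \wedge 1 \le j' \le n - 1 \wedge i \le i' \wedge i' = i'' \wedge 2j' = i'')$$
$$\wedge\ \neg(\exists i', j' \text{ s.t. } 1 \le i' \le 2n \wedge 1 \le j' \le n - 1 \wedge i \le i' \wedge i' = i'' \wedge 2j' + 1 = i'')$$

to

$$(1 = i = i'' \le n) \vee (1 \le i = i'' = 2n) \vee (1 \le i = i'' \le 2 \wedge n = 1)$$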


Related  work 

Other  researchers  have  proposed  extensions  to  Fourier  variable  elimination  as  a  decision  method  for  array 
data dependence analysis [MHL91a, WT92, IJT91]. Lam et al. [MHL91a] extend Fourier variable elimination
to integers by computing a sample solution, using branch and bound techniques if needed. Michael Wolfe
and Chau-Wen Tseng [WT92] discuss how to recognize when Fourier variable elimination may produce a
conservative result, but do not give a method to verify the existence of integer solutions. These methods are
decision  tests  and  cannot  return  symbolic  answers. 

Corinne Ancourt and François Irigoin [AI91] describe the use of Fourier variable elimination for quantified
variable elimination. They use this to generate loop bounds that scan convex polyhedra. They extend
Fourier variable elimination to integers by introducing floor and ceiling operators. Although this makes their
elimination exact, it may not be possible to eliminate additional variables from a set of constraints involving
floor  and  ceiling  operators.  This  limits  their  ability  to  check  for  the  existence  of  integer  solutions  and  remove 
redundant  constraints. 

Cooper  [Coo72]  describes  a  complete  algorithm  for  verifying  and/or  simplifying  Presburger  formulas.  His 
method  for  quantified  variable  elimination  always  introduces  disjunctions,  even  if  the  result  is  convex.  We 
have  not  yet  performed  a  head-to-head  comparison  of  the  Omega  test  with  Cooper’s  algorithm.  However, 
we  believe  that  the  Omega  test  will  prove  better  for  quantified  variable  elimination  when  the  result  is  convex 
and  better  for  verification  of  a  formula  already  in  disjunctive  normal  form.  Cooper’s  algorithm  does  not 
require formulas to be transformed into disjunctive normal form and may be better for formulas that would
be  expensive  to  put  into  disjunctive  normal  form  (although  our  methods  for  handling  negation  address  this 
as  well). 

The SUP-INF method [Ble75, Sho77] is a semi-decision procedure. It sometimes detects solutions when
only real solutions exist and it cannot be used for symbolic quantified variable elimination.

H.P. Williams [Wil76] describes an extension of Fourier elimination to integers. His scheme leads to a
much more explosive growth than our scheme. If the only constraints involving an eliminated variable $x$ are
$L \le lx$ and $ux \le U$, his scheme produces $\mathrm{lcm}(l, u)$ clauses, while ours produces


1  + 


max(f,  u) 


clauses. If there are $p$ lower bounds $L_i \le l_i x$ and $q$ upper bounds $u_j x \le U_j$, Williams’ method produces a
formula that, when converted into disjunctive normal form, contains

$$\prod_{1 \le i \le p \,\wedge\, 1 \le j \le q} \mathrm{lcm}(l_i, u_j)$$

clauses,  while  the  number  of  clauses  produced  by  our  scheme  is 


1  -I- min 


(max(f.)  -  l)(u,  -  1) 
max(/,) 


max(u^ 

For example, if the $l_i$’s are {1, 1, 1, 2, 3, 5} and the $u_j$’s are {1, 1, 3, 7}, Williams’ method produces

23156852670000 


clauses,  while  ours  produces  12.  It  is  almost  certainly  possible  to  improve  Williams’  method  while  using  the 
same  approach  as  Williams,  but  we  know  of  no  description  of  such  an  improvement. 

Jean-Louis Lassez [LHM89, LL92, HLL92] gives an alternative to Fourier variable elimination for
elimination of existentially quantified variables. However, his methods work over real variables, are optimized
for dense constraints (constraints with few zero coefficients) and are inefficient when the final problem
contains more than a few variables since they build a convex hull in the space of variables remaining after all
quantified variables have been eliminated.


3  Constraint  Based  Dependence  Analysis 

Array dependence testing can be viewed as constraint analysis. Simply testing for the existence of a
dependence (as in Figure 1) is equivalent to testing for solutions to a set of constraints.

We  can  also  use  constraint  manipulation  to  obtain  information  about  the  possible  differences  in  the 
values  of  the  corresponding  index  variables  at  the  times  of  the  two  accesses  (this  information  can  be  used 
to  test  for  the  legality  of  some  program  transformations).  To  do  so,  we  introduce  variables  corresponding  to 
these  differences,  and  existentially  quantify  and  eliminate  all  other  variables.  Alternatively,  we  can  choose 
to eliminate everything but the symbolic constants, and thus determine the conditions under which the
dependence  exists  ([PW92]). 

Program to be analyzed:

    for j = 0 to 20 do
      for i = max(-j,-10) to 0 do
        for k = max(-j,-10)-i to -1 do
          for l = 0 to 5 do
            a(l,i,j) = ... a(l,k,i+j) ...

Constraints before equality substitution:

    $\exists\, i_w, j_w, k_w, l_w, i_r, j_r, k_r, l_r$ s.t.
    $\Delta i = i_r - i_w \wedge \Delta j = j_r - j_w$
    $\Delta k = k_r - k_w \wedge \Delta l = l_r - l_w$
    $l_w = l_r \wedge i_w = k_r \wedge j_w = j_r + i_r$
    $0 \le j_w \le 20$
    $-10, -j_w \le i_w \le 0$
    $-j_w - i_w, -10 - i_w \le k_w \le -1$
    $0 \le l_w \le 5$
    $0 \le j_r \le 20$
    $-10, -j_r \le i_r \le 0$
    $-j_r - i_r, -10 - i_r \le k_r \le -1$
    $0 \le l_r \le 5$

Constraints after equality substitution:

    $\exists\, j_r, l_w$ s.t.
    $0 \le l_w \le 5$
    $0 \le j_r \le 20$
    $3\Delta j + 2\Delta i + \Delta k \le j_r$
    $\Delta j \le j_r \le 20 + \Delta j$
    $2\Delta j + \Delta i \le j_r$
    $2\Delta j + 2\Delta i + \Delta k \le 10$
    $1 \le \Delta j + \Delta i + \Delta k$
    $1 \le \Delta j + \Delta i \le 10$
    $0 \le \Delta j \le 10$
    $2\Delta j + \Delta i \le 10$
    $\Delta l := 0$

Constraints after eliminating $l_w$ and $j_r$:

    $2\Delta j + \Delta i \le 10$
    $0 \le \Delta j \le 10$
    $3\Delta j + 2\Delta i + \Delta k \le 20$
    $2\Delta j + 2\Delta i + \Delta k \le 10$
    $1 \le \Delta j + \Delta i + \Delta k$
    $1 \le \Delta j + \Delta i \le 10$
    $\Delta l := 0$

Figure 3: Constraint-based dependence analysis


Figure  3  shows  a  relatively  complicated  example  of  constraint-based  dependence  analysis,  from  one  of  the 
NASA  NAS  benchmarks.  Note  that  our  techniques  for  eliminating  equalities  let  us  reduce  both  the  number 
of  variables  and  the  number  of  constraints  before  resorting  to  Fourier  elimination. 

If  we  extend  our  constraint  manipulation  system  to  handle  negated  conjunctions  of  linear  constraints, 
we  can  include  constraints  that  rule  out  the  dependences  that  are  “killed”  by  other  writes  to  the  array, 
producing  array  data  flow  information  ([PW93a]).  The  analysis  tells  us  the  source  of  the  value  read  at 
any  particular  point;  standard  array  data  dependence  tests  just  tell  us  who  had  previously  written  to  the 
memory  location  read  at  any  particular  point.  We  have  also  found  that  our  use  of  constraints  to  represent 
dependences  is  useful  for  other  forms  of  program  analysis  and  transformation  ([Pug91,  PW93b,  KP93]). 


4  Experiences 

One  of  the  main  drawbacks  of  Fourier’s  method  of  variable  elimination  is  the  huge  number  of  constraints 
that  can  be  generated  by  repeated  elimination,  many  of  which  could  be  redundant.  Other  researchers  have 
found Fourier’s technique to be prohibitively expensive [HLL92, Imb93] and have proposed either alternative
methods  for  projection  [HLL92]  or  methods  to  avoid  generating  so  many  redundant  constraints  [Imb93]. 

Our  experiences  have  been  exactly  the  opposite.  We  have  found  Fourier’s  method  to  be  efficient,  and  do 
not experience substantial increases in the number of constraints. Our empirical studies have shown that
Fourier’s  method  can  be  used  in  dependence  analysis  without  a  significant  impact  on  total  compile  time 
[Pug92,  PW93a].  The  average  time  required  for  memory-based  analysis  (as  in  Figure  1)  was  well  under  1 
millisecond  per  pair  of  references,  and  the  average  time  for  array  data  flow  analysis  a  few  milliseconds.  These 
time  trials  were  measured  on  a  set  of  benchmarks  that  includes  some  of  the  NASA  NAS  kernels  and  some 
code from the Perfect Club Benchmarks ([B+89]).

                                              # of constraints involving
              when     # vars  kind           1 var   2 vars  3+ vars  total
Averages      initial  5.6     as given       2.9     3.3     1.4      7.6
                               nonredundant   2.0     2.1     0.9      5.0
              final    2.4     as generated   1.8     0.5     0.1      2.4
                               nonredundant   1.2     0.3     0.07     1.6

A worst-case (but noncontrived) example encountered in benchmarks:

                                              # of constraints involving
              when     # vars  kind           1 var   2 vars  3+ vars  total
              initial  5       as given       6       5       4        15
                               nonredundant   4       2       3        9
              final    3       as generated   2       3       3        8
                               nonredundant   1       2       2        5

Figure 4: Characteristics of constraint sets used in dependence analysis

We believe this speed is the result of several attributes of the sets of constraints we produce for dependence
analysis. First, loop bounds and array subscripts are often either constant or a function of a single variable.
If  all  loop  bounds  and  array  subscripts  have  this  form,  all  of  our  constraints  will  involve  only  one  or  two 
variables.  Variable  elimination  is  much  less  expensive  within  this  restricted  domain  (known  as  LI(2)),  even  if 
we  use  the  general  algorithm.  The  number  of  constraints  generated  is  bounded  by  a  subexponential  (though 
more  than  polynomial)  function,  rather  than  the  2"^^  of  the  general  case  [Cha93,  Nel78]. 

Second,  our  constraints  contain  many  unit  coefficients.  When  the  non-zero  coefficients  in  a  sparse  set  of 
constraints  are  all  ±1,  projection  ends  up  producing  many  parallel  constraints,  which  can  then  be  eliminated 
by  our  simple  test  for  redundant  constraints.  Variable  elimination  in  a  LI(2)  problem  with  unit  coefficients 
preserves  unit  coefficients  (after  dividing  through  by  the  gcd  of  the  coefficients).  Under  such  situations, 
there  cannot  be  more  than  O(n^)  non-parallel  constraints  over  n  variables,  and  our  method  needs  no  more 
than O(n^) time to eliminate as many variables as desired [Pug92].

Finally,  our  constraint  sets  contain  numerous  equality  constraints.  Since  we  use  these  constraints  to 
eliminate  variables  without  resorting  to  projection,  they  help  to  keep  down  the  size  of  the  constraint  sets 
that  we  must  manipulate  with  Fourier’s  technique. 

4.1  Empirical  studies  of  dependence  analysis  constraints 

We instrumented our system to analyze the types of constraints we deal with during dependence analysis.
For each application of the Omega test, we analyzed the constraints that remained (a) after our initial
removal of equality constraints and (b) after we had either eliminated all but two variables or run out of
quantified variables to eliminate. In doing this analysis, we computed real shadows, as opposed to integer
shadows (because the integer shadow may not be a simple conjunct). However, we still performed a number
of other operations to rule out non-integer solutions (such as normalizing $2z + 4y \ge 3$ to $z + 2y \ge 2$).

When  analyzing  a  set  of  constraints,  we  counted  the  number  of  variables,  and  counted  (separately)  the 
number of constraints that involved 1, 2 or 3+ variables. We then eliminated all redundant constraints, and
recounted. 

We  performed  these  tests  over  our  dataflow  benchmark  set  [PW93a],  which  includes  some  of  the  NASA 
NAS  kernels  and  some  code  from  the  Perfect  Club  Benchmarks  ([B+89]).  In  total,  we  considered  1144  sets 
of  constraints,  and  obtained  the  results  shown  in  Figure  4. 

Note  that  our  methods  always  check  for  parallel  constraints  and  eliminate  the  redundant  one  immediately 
(e.g., given $z + y \le 5$ and $z + y \le 10$, the second is eliminated). This can be done in constant time per
constraint  (through  the  use  of  a  hash  table). 
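
The normalization and the hash-table test for parallel constraints described in this section can be replayed on the Figure 3 constraints. This is an added example, not code from the Omega implementation; it computes the real shadow only, and the dictionary encoding, the variable names and every function name are assumptions of the sketch.

```python
from functools import reduce
from math import gcd

# A constraint set is a dict {coefficient tuple: bound}; each entry means
# sum(a_i * x_i) <= bound. Keying on the coefficient vector is the hash-table
# test for parallel constraints: two entries with the same key differ only in
# the bound, so the looser one is redundant and is dropped on insertion.
VARS = ("di", "dj", "dk", "jr", "lw")   # di, dj, dk stand for the deltas


def normalize(coeffs, bound):
    """Divide by the gcd of the coefficients and floor the bound, which
    discards non-integer slack: -2z - 4y <= -3 becomes -z - 2y <= -2."""
    g = reduce(gcd, (abs(a) for a in coeffs), 0)
    if g == 0:                          # no variables left: 0 <= bound
        if bound < 0:
            raise ValueError("constraint set has no solution")
        return None                     # trivially true, nothing to keep
    return tuple(a // g for a in coeffs), bound // g


def add(table, coeffs, bound):
    """Insert a constraint, keeping only the tightest of parallel ones."""
    norm = normalize(coeffs, bound)
    if norm is not None:
        key, b = norm
        table[key] = min(b, table.get(key, b))


def constraint_set(rows):
    table = {}
    for coeffs, bound in rows:
        add(table, coeffs, bound)
    return table


def eliminate(table, idx):
    """Fourier elimination of variable idx (real shadow). Returns the new
    set and the number of lower/upper pairs that were combined."""
    lower = [(k, b) for k, b in table.items() if k[idx] < 0]
    upper = [(k, b) for k, b in table.items() if k[idx] > 0]
    result = {}
    for k, b in table.items():
        if k[idx] == 0:
            add(result, k, b)
    for lo, lo_b in lower:
        for up, up_b in upper:
            m_up, m_lo = -lo[idx], up[idx]      # positive multipliers
            coeffs = tuple(m_up * u + m_lo * l for u, l in zip(up, lo))
            add(result, coeffs, m_up * up_b + m_lo * lo_b)
    return result, len(lower) * len(upper)


# Figure 3, "after equality substitution", rewritten as sum <= bound over
# VARS. The equality on delta-l involves no other variable and is left out.
# jr and lw only occur with coefficient +1 or -1, so the real shadow
# computed here is also the exact integer projection.
AFTER_SUBSTITUTION = [
    ((0, 0, 0, 0, -1), 0), ((0, 0, 0, 0, 1), 5),      # 0 <= lw <= 5
    ((0, 0, 0, -1, 0), 0), ((0, 0, 0, 1, 0), 20),     # 0 <= jr <= 20
    ((2, 3, 1, -1, 0), 0),                            # 3dj + 2di + dk <= jr
    ((0, 1, 0, -1, 0), 0), ((0, -1, 0, 1, 0), 20),    # dj <= jr <= 20 + dj
    ((1, 2, 0, -1, 0), 0),                            # 2dj + di <= jr
    ((2, 2, 1, 0, 0), 10),                            # 2dj + 2di + dk <= 10
    ((-1, -1, -1, 0, 0), -1),                         # 1 <= dj + di + dk
    ((-1, -1, 0, 0, 0), -1), ((1, 1, 0, 0, 0), 10),   # 1 <= dj + di <= 10
    ((0, -1, 0, 0, 0), 0), ((0, 1, 0, 0, 0), 10),     # 0 <= dj <= 10
    ((1, 2, 0, 0, 0), 10),                            # 2dj + di <= 10
]


def project_figure3():
    """Eliminate jr, then lw, recording the set size after each step."""
    table = constraint_set(AFTER_SUBSTITUTION)
    sizes = [len(table)]
    for name in ("jr", "lw"):
        table, _ = eliminate(table, VARS.index(name))
        sizes.append(len(table))
    return table, sizes


if __name__ == "__main__":
    final, sizes = project_figure3()
    print("constraints per step:", sizes)
    for key, bound in sorted(final.items()):
        terms = " + ".join(f"{a}*{v}" for a, v in zip(key, VARS) if a)
        print(f"{terms} <= {bound}")
```

Eliminating `jr` combines eight lower/upper pairs, but only one of the results is not parallel to a constraint already present, so the set shrinks instead of growing.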

Quite surprisingly, in none of the 1144 cases did the number of constraints increase as variables were
eliminated (this is without any redundant constraint elimination other than elimination of parallel redundant
constraints).

[Two plots; recoverable labels: "Number of Constraints During Elimination", "Maximum Number of Constraints During ...", "Variable Elimination Method", "Constraint Set Size"]

Figure 5: Factors that affect explosion of constraints

4.2  Empirical  studies  of  random  constraints 

To  better  understand  the  reasons  for  our  good  fortune  in  avoiding  an  explosion  of  constraints,  we  also  studied 
the  behavior  of  Fourier  elimination,  on  sets  of  random  constraints.  Figure  5  shows  the  results  of  these  studies. 

In each experiment, we fixed the number of constraints and variables, and added one random non-zero to each
constraint. We then projected the constraints onto the first two variables, and recorded the maximum
number of constraints encountered during the elimination. We then added an additional nonzero coefficient
to the original set of constraints, and repeated the projection. We continued doing this until the problem
had no non-zeros left. Each line represents the median of 5-21 experiments. The key gives the elimination
method used, the number of initial constraints and the number of initial variables.

The top graph compares the effectiveness of several variations on Fourier’s method:

Fourier: Standard Fourier elimination of all variables in a random order.

Ordered Fourier: Standard Fourier elimination in which we choose to eliminate first the variable that
produces the smallest increase in the number of constraints.

Ordered Unit Fourier: Ordered Fourier elimination combined with detection of parallel redundant
constraints. For this test, values of the coefficients affect the performance; to show this technique at its
best, we restrict the (non-zero) coefficients to ±1.

Fourier-Imbert: Fourier elimination combined with a partial application of Imbert’s method [Imb93] of
redundant constraint detection. We use Theorem 10 of [Imb93] to determine that some constraints are
redundant. However, we do not use the more expensive comparison or matrical tests.

The lower four lines show the performance on sets of 15 constraints on 5 variables, as per the most extreme
cases  we  encountered  during  dependence  analysis.  The  upper  four  lines  correspond  to  sets  of  30  constraints 
on  15  variables. 

Imbert’s  technique  is  clearly  important  for  dense  constraints,  but  until  we  approach  seven  constraints 
per  variable,  even  standard  Fourier  elimination  is  well  behaved  for  constraint  sets  of  the  sizes  that  we 
have encountered in our work with dependence analysis. At intermediate densities with unit coefficients,
eliminating  parallel  constraints  is  more  useful  and  important  than  computing  historical  subsets. 

Note  that  the  “worst  case”  example  from  Figure  4  started  with  15  constraints  over  5  variables  and  almost 
6  constraints  on  each  variable.  As  can  be  seen  in  Figure  5,  this  is  just  a  little  less  complex  than  the  point 
where  Fourier  elimination  over  unit  coefficients  starts  to  run  into  problems.  We  generally  deal  with  constraint 
sets  with  fewer  than  three  constraints  per  variable.  In  this  region  of  the  graph,  the  number  of  constraints 
does  not  grow  with  projection. 

The  graph  on  the  bottom  of  Figure  5  shows  the  result  of  standard  Fourier  elimination  with  constraint 
sets  of  various  sizes.  Notice  that,  in  all  cases,  the  number  of  generated  constraints  does  not  become  excessive 
as  long  as  we  start  with  an  average  of  fewer  than  4  constraints  on  each  variable.  Thus,  we  believe  the  Omega 
test  could  be  useful  for  sparse  problems  that  are  significantly  larger  than  those  that  arise  in  dependence 
analysis. 

5  Conclusions 

Other researchers [HLL92, Imb93] have been quite leery of Fourier variable elimination. These researchers
have studied the effectiveness of Fourier variable elimination on sets of dense constraints. Our experience
has led us to believe that Fourier’s method has quite different characteristics (and is quite efficient) when
applied to sparse constraints. Furthermore, we believe that sparse constraints arise in many applications.

We  have  extended  our  work  beyond  Fourier  variable  elimination:  first  to  handling  variable  elimination 
for  integer  variables,  and  then  to  simplifying  arbitrary  Presburger  formulas.  We  hope  these  extensions  may 
be  of  interest  to  a  broader  community. 

6 Availability

Technical reports about the Omega test and an implementation of the Omega test are available via anonymous
ftp from ftp.cs.umd.edu:pub/omega or the world wide web http://www.cs.umd.edu/projects/omega.

Abstract

The development of a system based on constraint programming includes two main phases: first, the problem
to be solved is formulated as a constraint satisfaction problem; then, the formulation is implemented in a
constraint-programming language. Constraint-programming research has mainly concentrated on the second
phase, by studying powerful declarative languages that automatically propagate the constraints in a program.
Nevertheless, when developing a solution to a real-world problem, the cost due to the first one, design, is
more relevant. This paper addresses the issue of effectively designing models of real-world constraint
satisfaction problems.


1  Introduction 

A constraint satisfaction problem (CSP) can be formulated
as follows: given a set of variables and a set of constraints
that limit the combination of values of the variables, find
one assignment of values to the variables such that all the
constraints are satisfied.

A large number of problems in many areas of computer
science can be viewed as special cases of constraint
satisfaction problems (for a survey see [Nad90]).

To solve this type of problem more effectively, several
constraint-programming languages have been developed (for
a survey see [Rot93]). The basic idea of these environments
is to provide a declarative language where the programmer
just defines variables and constraints, while the propagation
engine of the language automatically computes the
assignment of values that satisfies the constraints.

The authors' Department at Bull developed a constraint-
programming industrial environment, Charme [Opl89], and
successively a number of real-world applications based on it
[C3ia94, DAn92, Gos93, MaT89, PMT92].

From these experiences, it emerged that the main cost of a
constraint-based application is the design, rather than the
implementation. The lack of a methodology to define the
model of the problem, possibly in tight collaboration with
the end user, was also observed.


This work was partially supported by funding from the Commission of the
European Communities as part of the ESPRIT Project 5291, CHIC -
Constraint Handling in Industry and Commerce.


This paper discusses the limitations of the notion of CSP to
represent real-world problems and extends it along the
object-oriented paradigm to overcome those limitations;
then, it outlines desirable features of a design methodology
for constraint programming and sketches a design
methodology that embodies such features for the extended
notion of CSPs; finally, it revisits a classical example where
the proposed methodology dramatically reduces the size of
the model.


2.  Constraint  Satisfaction  Problems 

A constraint satisfaction problem is defined by a set
of variables, each associated with a domain
respectively, and a set C,,..,C„ of constraints, i.e., subsets of
DiX..xD,.

CSPs have been extensively studied to develop various
types of consistency algorithms (for a survey, see [Kum92]).
Nevertheless, when real-world problems are tackled, CSPs
suffer from the following limitations:

(1) variables are semantically poor entities
(2) the only relations over variables are constraints
(3) variables cannot be organized.

(1) It is the usual case that entities participating in a problem
are characterized by more than one feature. For example,
a task is characterized by its name, start time, duration,
etc. Furthermore, several features can be initially
unknown, such as the start time of a task and the
machine assigned to it. This is not expressible in CSPs,
because the only feature of a variable is its domain.

(2) As a consequence, all the relations of a CSP are over
domains, i.e., they are constraints. On the contrary, when
solving real-world problems it is necessary to define
other relations (e.g. a given task employs a given
resource) and confine the combinatorial component to
parts of the problem.

(3) When defining a problem, it is often useful to aggregate
entities according to some criterion. This is not possible
in CSPs, because variables are just gathered in a set, i.e.
a flat structure, and they cannot be organized at any level
of abstraction.

Each CSP can be graphically represented as a constraint
graph in which nodes represent variables and edges
represent constraints. In principle, constraint graphs could
be employed to model CSPs. In practice, they are
intractable for real-world problems, as mentioned in 0.

For instance, to represent a binary global constraint, the
number of edges to be drawn grows as the square of the
number of nodes, which is intractable when the size of the
problem grows considerably. In general, it is possible to
conclude that the constraint graph is not appropriate to
model CSPs.

3.  Enhancing  Constraint  Satisfaction 
Problems 

To overcome the mentioned limitations, the definition of
CSP is enhanced through concepts deriving from the object-
oriented paradigm. The main difference is that here objects
do not have methods (but just data members) since their
state is updated by the constraints.

The solution that we propose relies on abstraction, i.e.,
recognizing similarities and concentrating on them.
Abstractions are defined both for variables and constraints
following the object-oriented paradigm. This leads to an
enhanced model, called object-oriented constraint
satisfaction problem (OOCSP).

An attribute is a feature of some type. Types are associated
with domains. An object is a collection of attributes. Object
attributes correspond to variables in CSPs. The set of
attributes of an object defines the structure of the object.
Objects sharing the same structure are grouped into classes.
Classes are organized into a hierarchy. The structure of a
lower class includes that of a higher class.

To distinguish associations over objects from those over
classes, we call associations the former and class
associations the latter. In particular, a (class) association is
called (class) constraint if it is defined over (class) object
attributes, otherwise it is called (class) relation. Constraints
on object attributes have the same meaning as in CSPs,
while constraints on classes induce constraints on objects.

A solution to an OOCSP is an assignment of domain values
to object attributes such that all the constraints, including
those induced, are satisfied. Each OOCSP can be
graphically represented as an object constraint graph, as
explained in Section 5.


4.  Design 

By design, we mean the creation of a model of the problem,
as understood through analysis, consisting of abstractions
and relationships that provide an architecture for
implementation.

While it is quite well understood, for traditional software
development, what the desirable features of a good design
and its resulting model should be, this topic has not been
much addressed in the field of constraint programming.

We would like the design of a constraint-based application
to be

• problem driven

• methodological

• computer aided

• interactive.

Problem Driven. Design should concentrate on the essence
of the problem under examination without influences from
tangible components such as a target platform or language.
It should be a straightforward activity for experts of the
domain under examination, even with no computer skills.

Methodological. Design should follow a methodology,
based on massive successful experiences, aiming at
identifying and ordering the main steps of the process.

Computer Aided. Design should be supported by tools that
make it more effective and faster while possibly controlling
it.

Interactive. Design should facilitate and stimulate the
participation of domain experts.

Desirable  features  of  the  model  yielded  by  design  are 

•  visual 

•  compact 

•  dynamic 

•  composable 

•  modular 

•  multi  purpose 

•  reusable 

•  language  independent 

•  executable. 

Visual. Intuitive graphical formalisms should be employed
to study and define the abstractions and relationships in the
model.

Compact. The model should be compact and possibly
provide different levels of abstractions.

Dynamic. The model should account for problems that
change rapidly, for instance because their size grows.

Composable. It should be possible to compose models to
define new bigger models with more functionalities.

Modular. The model should be decomposable into
consistent views, each one focusing on a different aspect of
the problem.

Multi purpose. It should be possible to employ the model to
investigate different aspects of the problem, for instance by
asking different questions.

Reusable. It should be possible to use the model as a
starting point for new models of related problems.

Language independent. The model should be easily
implemented in any constraint-programming language.

Executable. It should be possible to automatically generate
code in a target constraint-programming language. In such a
way, the model could be executed to provide immediate
feedback on problem formulation.


5.  Design  Methodology 

A methodology to design OOCSPs that embodies the
features foreseen in the previous section is here sketched. It
is based on classical object-oriented design methodologies (for
a survey see [Fow93]), and adapted to the constraint-
programming domain. The methodology consists of

• a notation to represent the model

• a process to construct the model.

The notation consists of graphical entities that are combined
to generate object constraint graphs, the models of
OOCSPs. Dotted boxes denote classes, while solid boxes
denote objects. Edges denote associations and directed
edges inheritance (Fig. 1). Classes and objects are
represented on two different planes (classes in the upper level
and objects in the lower one).

[Figure legend: Association, Inheritance, Object]

Fig. 1. The notation consists of graphical entities that are
combined into object constraint graphs, the models of OOCSPs.


The process consists of the following four steps:

•  identify  classes  and  objects 

•  identify  the  semantics  of  these  classes  and  objects 

•  identify  the  associations  among  these  classes  and  objects 

•  identify  the  semantics  of  these  associations. 

The purpose of the first step is identifying classes and
objects to establish the boundaries of the problem. The
purpose of the second step is establishing the features of the
abstractions identified at the previous step. The purpose of
the third step is identifying the dependencies among
abstractions. The fourth step formally specifies, through
logical formulae, the meaning of the associations identified
in the previous steps. This issue is further discussed in the
next section.

The process is incremental and iterative. It is incremental
because when new classes, objects or associations are
identified, existing classes, objects and associations can be
refined and improved. It is iterative, because the definition
of new classes, objects and associations often gives new
insights on the problem that allow the user to simplify and
generalize the design.


6.  Executable  Models 

The models of OOCSPs can be directly executed: the edges
of the object constraint graph are labeled with logical
formulae defining the constraints of the problem at various
levels of abstraction. Such formulae can be either executed
by an interpreter of the object constraint graph, or
preprocessed to a target constraint-programming language,
not necessarily an object-oriented one. We abstract away
from the syntactic details of such a language by taking a
multi-sorted first-order logic in which the domain of
interpretation for sorts has been fixed.

The logical formulae are obtained by connecting, through
logical connectives, predicate symbols whose arguments are
terms, i.e., constants, objects, classes, object attributes and
class attributes as well as functions on terms. Formulae on
classes induce formulae on objects, called instances of the
given formula. They are obtained by replacing each class
with its objects or the objects of its derived (through
inheritance) classes, in all the possible combinations. A
solution is an assignment of domain values to object
attributes such that all the formulae, including those
induced, are satisfied in the classical sense.

An object constraint graph can be preprocessed to an
equivalent, i.e. with the same solutions, program written in
any constraint-programming language. This is obtained by
replacing each class association with its instances, so
eliminating classes and hierarchy. The resulting formulae on
objects are the constraints of the program, where the object
attributes are the variables.

7. The Bridge Problem

The Bridge Problem is a classical project-planning problem
consisting of determining the starting dates of the tasks
necessary to build a five-segment bridge. The project
includes 46 tasks (A1, P1, etc.) that process 11 bridge
components (abutment Ab1, pillar Pl1, etc.) and employ 7
resources (excavator Ex, concrete-mixer CM, etc.). The
constraints of the problem include 77 disjunctive constraints
(tasks A1 and A2 cannot overlap because they both employ
the excavator, tasks T2 and T5 cannot overlap because they
both employ the crane, etc.), 66 precedence constraints
(execute task T5 before task V2, execute task M5 before task
T4, etc.) and 25 specific constraints (the time between the
completion of task S1 and the completion of task B1 is at
most 4 days, the time between the completion of task A4
and the completion of task S4 is at most 3 days, etc.), for a
total of 168 constraints. Our methodology is now employed
to design the Bridge Problem.

Uentify  Classes  uid  Objects.  Tbe  basic  class  of  tbe 
problem  is  Task.  It  bas  14  subclasses  (Excavation, 
Foundation,  etc.),  cbaracterized  by  tbe  fact  that  all  tbe  tasks 
in  one  of  sucb  classes  employ  tbe  same  resource.  Each  task 
of  the  problem  is  an  objea  of  the  model. 

Uentify  the  Semantics  of  These  Classes  and  Objects. 
Each  task  is  cbaracterized  by  six  attribuies:  name,  start  time, 
duration,  Inidge  con^onent  that  it  operates  on,  resource  that 
it  etr4>loys  and  set  of  tasks  that  come  before  it  The  start 
time  is  the  unknown  to  be  determined:  its  dcmiain  is  0..200, 
meaning  that  the  start  time  of  each  task  is  initially  unknown, 
it  will  be  automatically  determined  by  tbe  system,  and  it 
must  be  included  between  0  and  200  days  (an  estimated 
iqyper  bomxl). 

Identify the Associations Among These Classes and
Objects. The 77 disjunctive constraints and the 66
precedence constraints are expressed as just two class
constraints, referred to as Disjunction and Precedence
respectively. The 25 specific constraints are also expressed
at class level and referred to as K1-K5.

Identify the Semantics of These Associations. The
semantics of these associations is specified by the following
formulae on classes:

Disjunction. IF (Task1.resource = Task2.resource AND
Task1.name ≠ Task2.name)
THEN (Task1.start + Task1.duration ≤ Task2.start OR
Task2.start + Task2.duration ≤ Task1.start)

Precedence. IF (Task1.name ∈ Task2.previous)
THEN (Task1.start + Task1.duration ≤ Task2.start)

where Task1 and Task2 are two instances of the same class
Task. The 60 specific constraints can also be expressed at
class level:

K1. IF (Formwork.part = Foundation.part)
THEN (Foundation.start + Foundation.duration − 4 ≤
Formwork.start + Formwork.duration)

K2. IF (Excavation.part = Formwork.part)
THEN (Formwork.start − 3 ≤ Excavation.start +
Excavation.duration)

K3. Erection.start ≤ Formwork.start − 6

K4. Masonry.start + Masonry.duration − 2 ≤ Removal.start

K5. Delivery.start = Beginning.start + 30

Model Complexity. The design of the Bridge Problem is
complete (see Fig. 3). It consists of 1 base class, 14 derived
classes, 46 objects and 7 class constraints. The fact that
there are no constraints on objects means that the model is
well conceived, because abstraction has been fully exploited
to factorize common features. As a result, the 168
constraints of the problem are expressed with just 7 class
constraints, a factor of 21 times. Other models can be
obtained by defining resources and bridge components as
objects, rather than task attributes. Those formulations are
more complex in terms of constraints, but more explicit in
terms of objects.

Preprocessing. The object constraint graph can be
preprocessed to a target constraint language: each class
constraint induces a set of object constraints, its instances,
obtained by replacing class symbols by symbols of objects
of that class or a derived class in all the possible
combinations. For example, an instance of Resource is

IF (A3.resource = A4.resource AND
A3.name ≠ A4.name)
THEN (A3.start + A3.duration ≤ A4.start OR
A4.start + A4.duration ≤ A3.start)

where A3 and A4 are object symbols of the Excavation
class, derived from Task; an instance of K1 is

IF (S2.part = B5.part)
THEN (B5.start + B5.duration − 4 ≤
S2.start + S2.duration)

where S2 is an object of the Formwork class and B5 is an
object of the Foundation class.
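
The preprocessing step can be made concrete with a short Python sketch. It is an added example, not code from the paper: it expands the Disjunction, Precedence and K1 class constraints into object constraints and checks candidate schedules against them. The six task objects, their durations, parts and resource codes are constructed for illustration and are not the 46-task data of the Bridge Problem.

```python
from dataclasses import dataclass
from itertools import combinations, permutations


@dataclass(frozen=True)
class Task:
    name: str
    duration: int
    part: str                           # bridge component the task operates on
    resource: str
    previous: frozenset = frozenset()   # names of the tasks that come before it


class Excavation(Task): pass
class Formwork(Task): pass
class Foundation(Task): pass


# Constructed objects (illustrative values only).
OBJECTS = [
    Excavation("A3", 4, "P3", "Ex"),
    Excavation("A4", 2, "P4", "Ex"),
    Formwork("S3", 3, "P3", "Ca", frozenset({"A3"})),
    Formwork("S4", 3, "P4", "Ca", frozenset({"A4"})),
    Foundation("B3", 1, "P3", "CM", frozenset({"S3"})),
    Foundation("B4", 1, "P4", "CM", frozenset({"S4"})),
]


def end(s, t):
    """Completion time of task t under schedule s (name -> start time)."""
    return s[t.name] + t.duration


# Class constraint: (name, classes of its two symbols, symmetric?, IF part, THEN part)
CLASS_CONSTRAINTS = [
    ("Disjunction", (Task, Task), True,
     lambda a, b: a.resource == b.resource and a.name != b.name,
     lambda s, a, b: end(s, a) <= s[b.name] or end(s, b) <= s[a.name]),
    ("Precedence", (Task, Task), False,
     lambda a, b: a.name in b.previous,
     lambda s, a, b: end(s, a) <= s[b.name]),
    ("K1", (Formwork, Foundation), False,
     lambda a, b: a.part == b.part,
     lambda s, a, b: end(s, b) - 4 <= end(s, a)),
]


def instantiate(objects):
    """Replace class symbols by objects of that class or of a derived class."""
    out = []
    for name, (c1, c2), symmetric, guard, body in CLASS_CONSTRAINTS:
        pairs = combinations(objects, 2) if symmetric else permutations(objects, 2)
        for a, b in pairs:
            if isinstance(a, c1) and isinstance(b, c2) and guard(a, b):
                check = lambda s, a=a, b=b, body=body: body(s, a, b)
                out.append((name, a.name, b.name, check))
    return out


def violated(schedule, objects=OBJECTS):
    """Object constraints that the given start times do not satisfy."""
    return [(n, a, b) for n, a, b, check in instantiate(objects)
            if not check(schedule)]
```

Three class constraints expand to nine object constraints on these six objects, which is the same factorization the model-complexity paragraph describes for the full problem.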


Fig.  2.  The  five-segments  bridge. 
8. Discussion

This work originates from the observation of the lack of a
framework where

• CSPs are effectively designed through

• a visual methodology producing

• models directly executable by traditional constraint
programming languages.

A design methodology for CSPs has been sketched and
illustrated on an example. It is object oriented, to abstract
variables and constraints, and visual, to be more intuitive
and effective. The possibility of executing models produced
through the methodology has been discussed.

Constraint-based systems integrating either visual or
object-oriented components are: Sketchpad [Sut63], a pioneering
visual system developed at the beginning of the sixties
allowing the user to build geometric objects from language
primitives and certain constraints; ThingLab [Bor79],
providing users with a set of tools to help them graphically
represent simulations and "experiments" in a
constraint-oriented environment; Socle [Har86], a hybrid system that
contains a structured partitioning component and a
constraint component; Garnet [MGV92], to create
large-scale user interfaces combining pre-defined objects into
collections; Kaleidoscope [FBB92], integrating the
declarative nature of constraints with the imperative nature
of object-oriented languages; Ilog-Solver [^g92], a C++
library of classes defining variables, constraints and
algorithms.

Future work concerns the development of a tool supporting
the methodology p,el93]. To facilitate the development of
applications, it should be provided with a library of models
for different domains. The library can be organized on
different levels: the first level includes models for generic
domains, such as project planning, scheduling, finance,
resources management, etc.; the second level includes
models for more specific domains, such as
construction-project management and software-project management for
the project planning domain; production scheduling and
meeting for the scheduling domain, etc. To solve
a problem, the user selects the appropriate model and
customizes it by adding or deleting nodes and edges.
Abstract

This paper proposes a logic-based approach to optimisation
that combines solution methods from mathematical programming
and logic programming. From mathematical programming it
borrows strategies for exploiting structure that have
logic-based analogs. From logic programming it borrows
methods for extracting information that are unavailable in a
traditional mathematical programming framework. Logic-based
methods also provide a unified approach to solving
optimisation problems with both quantitative and logical
constraints.

1  Introduction 

The theory and practice of integer and mixed integer
programming are based primarily on polyhedral methods. The
thesis of this paper is that one can develop a parallel
theory and practice using logic-based methods.

The basic idea is to replace the essential elements of
optimization methods with logical analogs. The integer
variables are regarded as atomic propositions, and inequality
constraints involving them are rewritten as logical formulas.
In a branch-and-cut scheme, discrete relaxations replace the
traditional linear programming and Lagrangian relaxations,
and they are solved by logic-based algorithms. Logical
implications replace cutting planes. In particular, “prime”
and other strong “logic cuts” replace facet-defining cuts.
Separating cuts, Gomory cuts, etc., also have analogs. Much
of the theory of cutting planes, duality, etc., has a
logical counterpart.

*Supported in part by Office of Naval Research Grant
N00014-92-J-1028 and the Engineering Design Research

This approach can combine some of the problem-solving
wisdom accumulated by mathematical programmers with
techniques and insights from constraint programming and
logic programming. Most importantly, the optimization
community’s ways of exploiting structure (strong cutting
planes, etc.) carry over into a logical context. They may
also take on greater variety and adaptability when moved out
of the polyhedral context. Strong cuts are traditionally
found by studying the abstract polyhedral structure of a
model. But strong logic cuts can often be found by using
one’s intuitions about the concrete application of a model,
even in cases where the polyhedron is far too complex to
analyze. There is also a much greater variety of problem
relaxations in the logical context.

The logical tradition also makes a key contribution. Logic
processing can make more effective use of cuts, once they
are discovered, than the traditional mathematical
programming methods. A branch-and-bound method typically
solves a relaxation of the constraint set generated at a
given node of the search tree and may thereby fail to
recognize when it is infeasible. An appropriate constraint
propagation or logical inference technique may detect
infeasibility and avoid the generation of successor nodes.
The rapid speedup of propositional satisfiability algorithms
over the past few years makes logic processing of this sort
increasingly attractive.

So the logic-based methods described here go beyond both
mathematical programming and logic programming. They enrich
logic programming with strategies for discovering structure
that parallel those of mathematical programming. They enrich
mathematical programming with methods for extracting
information that are supplied by logic and constraint
programming.

This paper is a condensation of a longer tutorial on
logic-based methods [7]. Its main contributions are to show
in general how solution strategies for integer and mixed
integer programming can be given logical analogs, and to
outline a research program in this direction. To do this it
draws on a number of results established elsewhere [6, 8, 9]
and presents at least two new results, those of logical
duality and the logical analysis of nonbipartite matching
problems.

2  Historical  Context 

If logic-based methods for optimization are so attractive,
why have they not gained acceptance already? Actually there
is nothing new about them. Hammer and Rudeanu wrote a
classic 1968 treatise [5] on boolean methods in operations
research. Granot and Hammer [4] showed in 1971 how boolean
methods might be used to solve integer programming problems.

Although boolean methods have seen applications (logical
reduction techniques, solution of certain combinatorial
problems), they have not been accepted as a general-purpose
approach to optimization. There seem to be two main reasons
for this. One is that they have not been demonstrated to be
more effective than branch-and-cut. So there has been no
apparent advantage in converting a problem to logical form.

A second reason is that the conversion to a logical problem
is itself hard. The most straightforward way to convert an
inequality constraint to logical form, for instance, is to
write it as an equivalent set of logical clauses. But the
number of clauses can grow exponentially with the number of
variables in the inequality. Consider for instance the
following constraint from a problem in Nemhauser and Wolsey
([11], p. 465).

$300x_3 + 300x_4 + 285x_5 + 285x_6 + 265x_8 + 265x_9 + 230x_{12} + 230x_{13} + 190x_{14}$
$+\, 200x_{22} + 400x_{23} + 200x_{24} + 400x_{25} + 200x_{26} + 400x_{27} + 200x_{28} + 400x_{29}$
$+\, 200x_{30} + 400x_{31} \le 2700.$ (1)


Barth  [1]  reports  that  this  constraint  expands  to 
117,520  nonredundant  logical  clauses,  using  the 
method  of  Granot  and  Hammer  [4]. 

So for several years prospects for logic-based methods, as a
general approach to optimization, looked bleak. But several
factors have recently converged to make them much more
attractive. As noted earlier, satisfiability algorithms, a
key element of logic-based methods, have improved
dramatically. Also it is foolish to expand an inequality
constraint into its full logical equivalent. This is
analogous to generating all possible cutting planes for an
integer programming problem, which is never done. Practical
algorithms generate a few “separating cuts,” and a closely
analogous approach is available in the logical context.

Further, there is a growing trend toward the merger of
quantitative and logical elements into a single model, and
logic-based methods are a natural approach to solving such
models. Purely mathematical models (integer programming,
etc.) are often unsuitable for messy problems without much
mathematical structure, whereas pure logic models (PROLOG
programs, etc.) do not capture the mathematical structure
that does exist and are consequently hard to solve.
Historically, solution techniques for the two types of
models have been unrelated. A technique that solves both
opens the door to a wider variety of tractable models.

Logic-based optimization also serves a heuristic function of
providing a whole new perspective on optimization problems.
In fact, it is in some ways more natural to view a pure
integer programming problem as a logical inference problem
rather than a polyhedral problem. Similarly, the integer
variables of a mixed integer problem can be viewed as
artificial devices that can just as well be eliminated.

3  Integer  Programming  as 
Logical  Inference 

A 0-1 inequality $bx \ge \beta$ can be viewed as a logical
proposition that is true when the inequality is satisfied.
The variables $x_j$ are viewed as atomic propositions that
are true when $x_j = 1$ and false when $x_j = 0$. A system of
0-1 inequalities $Ax \ge a$ implies $bx \ge \beta$ when all
0-1 solutions of the former satisfy the latter. Any logical
proposition, inequality or otherwise, implied by $Ax \ge a$
is a logic cut. The following are obvious but fundamental.

Theorem  1  An  inequality  is  a  valid  cut  (in  the 
polyhedral  sense)  for  a  system  of  inequalities  if  and 
only  if  it  is  a  logic  cut. 

Theorem 2 Consider an integer programming problem

$\min\ cx$ (2)
$\text{s.t.}\ Ax \ge a$
$x_j \in \{0, 1\}$, all $j$.

The optimal value of the objective function is the
largest $\beta$ for which $cx \ge \beta$ is a logic cut.

This fact can be framed as a duality relationship. The
following is the logical dual of integer programming
problem (2).

$\max\ \beta$ (3)
$\text{s.t.}\ Ax \ge a$ implies $cx \ge \beta$

The optimal value in (3) is equal to the optimal value of
(2). There is a close connection with linear programming
duality, which is obtained by replacing $x_j \in \{0, 1\}$
with $0 \le x_j \le 1$ in (2) and ‘implies’ with ‘implies as
a nonnegative linear combination’ in (3).

4  A  Generic  Branch-and-Cut 
Algorithm 

Figure 1 contains a rudimentary logic-based branch-and-cut
algorithm (essentially a specialized $A^*$ search) that
solves the integer programming problem (2). It combines
three strategies that have proved much more effective in
combination than when used separately: an enumeration tree,
generation of valid separating cuts, and solution of
relaxations of the problem.

Note that the problem is not solved subject to the original
constraint set $Ax \ge a$ but to a set $S$ of logic cuts
(perhaps logical clauses) for these constraints. The cuts
are generated only as needed.

Nodes of the search tree are obtained by branching on the
cases $x_j = 1$, $x_j = 0$. At each node, an optimization
problem with a relaxed constraint set is solved to obtain a
lower bound on the optimal value of the original problem. If
this bound is already greater than the value of a feasible
solution obtained earlier, there is no point in generating
successor nodes. Classically the relaxations are usually
linear (replace $x_j \in \{0, 1\}$ with $0 \le x_j \le 1$)
or Lagrangean, but a wide variety of discrete relaxations
are possible in the logical setting. The simplest is to
minimize $cx$ subject to each clause in $S$ separately (a
trivial problem) and pick the best bound so obtained.

Finally, logic processing is applied to make explicit some
constraints that were only implicit. Traditionally this has
been achieved by generating valid inequalities (cuts) with
coefficients chosen so that the linear relaxation is as
tight as possible, preferably a facet of the convex hull of
0-1 solutions. In a logic-based setting, logic processing
can be applied either in the form of a satisfiability
algorithm or a cut generation algorithm, or both. The former
would normally be an incomplete procedure, such as unit
resolution (which happens to be equivalent in deductive
power to solving the traditional linear relaxation). The
latter would generate separating logic cuts, which are those
that are violated by the solution just obtained for the
current relaxation. Coefficients are no longer relevant, but
the logic cuts should be strong (i.e., exclude as many 0-1
solutions as possible).

5  Strong  Cuts 

The logical analog of a facet-defining cut is a prime cut,
which is defined with respect to a class $C$ of logical
propositions. A prime cut for a system $Ax \ge a$ of
inequalities is a logic cut $F$ that is equivalent to any
cut in $C$ that is implied by $Ax \ge a$ and implies $F$. It
is a prime inequality if $C$ is the set of all inequalities
(with integer coefficients and right-hand side).

Useful logic cuts in practice need not and ordinarily would
not be prime cuts. But an investigation of how prime cuts
can in principle be generated provides insight into the
nature of strong logic cuts.

Figure 1: Logic-Based Branch-and-Cut Algorithm.

Set UB = ∞.
Execute Branch(∅, 0).
End.

Procedure Branch(S, k)
    If k = 0 then
        the optimal solution is the best found so far
        (infeasible if none found); stop.
    Apply a partial or complete satisfiability algorithm to S.
    If no contradiction is found then
        Find the minimum LB of cx subject to a relaxation of S.
        If LB < UB then:
            Generate separating logic cuts.
            Branch:
                Pick a literal L containing a variable
                that occurs in S.
                Perform Branch(S ∪ {L}, k + 1).
                Perform Branch(S ∪ {¬L}, k + 1).
End.

A fundamental result of integer programming, due to Chvátal
[3], says that a finite procedure generates all
facet-defining inequalities (the strongest cutting planes)
for a 0-1 system $Ax \ge a$. A parallel result can be proved
for logic-based programming [6]. Let a clausal inequality
have the form $ax \ge 1 + n(a)$, where each
$a_j \in \{0, 1, -1\}$ and $n(a)$ is the sum of the negative
components of $a$. For instance, the inequality
$x_1 + (1 - x_2) \ge 1$, or $x_1 - x_2 \ge 0$, represents the
logical clause $x_1 \vee \neg x_2$. A resolvent of two
clausal inequalities is simply the clausal inequality that
represents the resolvent of the corresponding clauses. Let a
diagonal sum be defined as illustrated by the following
example.

$x_1 + 5x_2 + 3x_3 + x_4 \ge 4$
$2x_1 + 4x_2 + 3x_3 + x_4 \ge 4$
$2x_1 + 5x_2 + 2x_3 + x_4 \ge 4$
$2x_1 + 5x_2 + 3x_3 \ge 4$

$2x_1 + 5x_2 + 3x_3 + x_4 \ge 5$

The fifth inequality is the diagonal sum of the first four.
Note that the first four inequalities are identical except
that the diagonal term is reduced by one. Also the
right-hand side of the sum is increased by one.

A resolvent can be “generated” from a set $S$ of
inequalities if it is a resolvent of two clausal
inequalities, each of which is implied by a single
inequality of $S$. A diagonal sum is “generated” in a
similar sense. Finally, let a set $T$ of inequalities be
monotone when $T$ contains all clausal inequalities, and for
any given inequality $ax \ge \beta + n(a)$ in $T$, $T$
contains all inequalities $a'x \ge \beta' + n(a')$ such that
$|a'| \le |a|$ and $0 \le \beta' \le \beta$.

Theorem 3 Let $T$ be a monotone set of inequalities, and let
$S$ contain all resolvents and diagonal sums in $T$ that can
be recursively generated from a feasible 0-1 system
$Ax \ge a$, up to equivalence. Then every prime inequality
for $Ax \ge a$ with respect to $T$ is equivalent to some
inequality in $S$.

The rank of a logic cut (analogous to the Chvátal rank of a
polyhedral cut) is the minimum number of iterations of this
recursive procedure required to generate the cut.
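
The definitions of Sections 3 and 5 can be checked by enumeration on small systems. The following Python sketch is an added example, not code from the paper: it tests whether an inequality is a logic cut, builds clausal inequalities and their resolvents, forms the diagonal sum of the four inequalities of the example in Section 5, and evaluates the logical dual (3) for that system. All function names are this example's own, and integer coefficients are assumed.

```python
from itertools import product


def satisfies(x, ineq):
    """ineq = (a, beta) stands for the 0-1 inequality a.x >= beta."""
    a, beta = ineq
    return sum(ai * xi for ai, xi in zip(a, x)) >= beta


def solutions(system, n):
    """All 0-1 points of dimension n that satisfy every inequality."""
    return [x for x in product((0, 1), repeat=n)
            if all(satisfies(x, q) for q in system)]


def is_logic_cut(system, ineq, n):
    """True when every 0-1 solution of the system satisfies ineq."""
    return all(satisfies(x, ineq) for x in solutions(system, n))


def largest_beta(system, c, n):
    """Logical dual (3): lower beta until c.x >= beta is a logic cut."""
    beta = sum(v for v in c if v > 0)
    while not is_logic_cut(system, (c, beta), n):
        beta -= 1
    return beta


def clausal(a):
    """Clausal inequality a.x >= 1 + n(a), each a_j in {0, 1, -1}."""
    return (tuple(a), 1 + sum(v for v in a if v < 0))


def resolvent(p, q):
    """Resolve two clausal inequalities; None unless exactly one sign clash."""
    a, b = p[0], q[0]
    clash = [j for j in range(len(a)) if a[j] * b[j] == -1]
    if len(clash) != 1:
        return None
    j = clash[0]
    return clausal([0 if i == j else (a[i] or b[i]) for i in range(len(a))])


def diagonal_sum(rows):
    """Row i must equal a common (a, beta) with coefficient i reduced by one."""
    n, beta = len(rows), rows[0][1]
    a = tuple(rows[i][0][i] + 1 for i in range(n))
    for i, (coef, rhs) in enumerate(rows):
        if rhs != beta or coef != tuple(a[j] - (j == i) for j in range(n)):
            raise ValueError("rows do not have the diagonal pattern")
    return (a, beta + 1)


# The four inequalities of the diagonal-sum example.
ROWS = [((1, 5, 3, 1), 4), ((2, 4, 3, 1), 4),
        ((2, 5, 2, 1), 4), ((2, 5, 3, 0), 4)]
```

On this system the diagonal sum is the tightest logic cut with coefficients (2, 5, 3, 1): the logical dual returns 5, the right-hand side of the fifth inequality.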

6  Example:  Matching 
Problems 

Logic cuts can be stronger and therefore more useful than
facet-defining cuts.¹ A good illustration of this is a
nonbipartite matching problem. The augmenting paths
traditionally used in the best matching algorithms [11] in
effect rely on logic cuts that strictly imply the less
useful facet-defining inequalities (odd-set constraints) for
the problem.

¹This section represents joint work with Ajai Kapoor.

A matching problem is defined on an undirected graph
$(V, E)$ for which each edge in $E$ is given a weight. The
edges connect vertices that may be matched or paired, and a
matching pairs some or all of the vertices. A matching can
therefore be regarded as a set of edges, at most one of
which touches any given vertex. The weighted matching
problem is to find a maximum weight matching; i.e., a
matching that maximizes the total weight of the edges used
in the matching.

The matching problem can be written,

$\max \sum_{e \in E} x_e$ (4)
$\text{s.t.}\ \sum_{e \in \delta(v)} x_e \le 1$, for $v \in V$ (5)
$x_e \in \{0, 1\}$, $e \in E$,

where $\delta(v)$ is the set of edges incident to $v$. $x_e$
is 1 when $e$ is part of the matching and 0 otherwise.

The convex hull of possible matchings has a particularly
simple description. It is based on the fact that a matching
for a graph $(U, E)$ with an odd number of vertices can have
at most $(|U| - 1)/2$ edges. So the following odd set
constraints are valid:

$\sum_{e \in E(U)} x_e \le (|U| - 1)/2$, all $U \subseteq V$ with $|U| \ge 3$ and odd, (6)

where $E(U)$ contains the edges in the subgraph of $(V, E)$
induced by $U$. In fact (5)-(6) define the convex hull of
matchings.

For the purposes of logical analysis it is convenient to
reverse the sense of the matching constraints (5) and odd
set constraints (6) by replacing variables $x_e$ with
$y_e = 1 - x_e$ so that $y_e = 1$ when edge $e$ is absent
from the matching.

$\sum_{e \in \delta(v)} y_e \ge |\delta(v)| - 1$, for $v \in V$ (7)

$\sum_{e \in E(U)} y_e \ge |E(U)| - (|U| - 1)/2$,
all $U \subseteq V$ with $|U| \ge 3$ and odd. (8)

The  following  is  proved  in  [7]. 


Figure 2: A very small matching problem.


Theorem 4 An odd set constraint (7) for a
matching  problem  is  a  logic  cut  of  rank  at  most 

Odd set constraints are strictly implied by augmenting path
cuts. Consider a matching problem on the simple graph of
Fig. 6. The odd set constraints (facet-defining cuts) are
simply the matching constraints $y_1 + y_2 \ge 1$ and
$y_2 + y_3 \ge 1$. They are strictly implied by the
augmenting path cut $y_1 + 2y_2 + y_3 \ge 2$, which says
that either edge 2 is not in the matching or else edges 1
and 3 are not in the matching.

In general a path of odd length whose edges correspond to
$y_{j_1}, \ldots, y_{j_m}$ defines an augmenting path cut,

+  •  •  •  + 

+2»=i„.  > 

which says that if the $(m + 1)/2$ odd segments belong to a
matching, then none of the $(m - 1)/2$ even segments may
belong to it, and vice-versa.

7 Mixed Integer Programming

Consider a general mixed integer programming (MIP) problem,

$\min\ cx + dy$ (9)
$\text{s.t.}\ Ax + By \ge a$
$y_j \in \{0, 1\}$, $j = 1, \ldots, n$.

A 0-1 point $y$ is feasible if $(x, y)$ is feasible for some
$x$. Each 0-1 value of $y$ is associated with a polyhedron
$\Pi(y)$ in $x$-space, namely the set of points satisfying
(9) when $y$ is so fixed. The feasible region can therefore
be regarded as the union of $\Pi(y)$ over all feasible $y$.

To write an MIP in logical form, regard the $y_j$’s as
atomic propositions.

$\min\ cx + dy$ (10)
$\text{s.t.}\ y \in Y$
$x \in \bigcup_{y \in Y} \Pi(y)$.

Here $y \in Y$ represents a set of logical propositions.
(10) is actually more general than (9), due to a theorem of
Jeroslow [9, 10]. It states that (10) can be written in the
form (9) if and only if the polyhedra $\Pi(y)$ all have the
same recession cone.

An MIP in form (10) can be solved by a branch-and-cut
algorithm that enumerates linear programming constraint sets
defining $\Pi(y)$’s, where the enumeration is controlled by
the logical propositions $y \in Y$. The enumeration can be
markedly accelerated by the use of an expanded sense of
logic cuts that obtain in an MIP setting, namely a nonvalid
logic cut. These may cut off feasible solutions but do not
change the optimal solution.

8  An  MIP  Example 

Suppose one wants to decide which of three processing units
to install in the processing network of Fig. 3. The units
are represented as boxes. Naturally one must install unit 3
if the network is to process anything, and one must install
units 1 or 2. Let’s suppose in addition that units 1 and 2
should not both be installed. There is a variable cost
associated with the flow through each unit, a fixed cost
with building the unit, and revenue with the finished
product. If $x_j$’s represent flows as indicated in Fig. 13
and $y_j$’s are 0-1 variables indicating which units are
installed, the problem has the following MIP model.

$\min\ 3x_3 + 2.8x_5 - 9x_7 + 2x_1 + z_1 + z_2 + z_3$ (11)
$\text{s.t.}\ x_1 - x_2 - x_4 = 0$ (12)
$x_6 - x_3 - x_5 = 0$ (13)
$x_3 - 0.9x_2 = 0$ (14)
$x_5 - 0.85x_4 = 0$ (15)
$x_7 - 0.75x_6 = 0$ (16)
$x_7 \le 10$ (17)
$x_3 - 30y_1 \le 0$ (18)
$x_5 - 30y_2 \le 0$ (19)
$x_7 - 30y_3 \le 0$ (20)
$y_1 + y_2 \le 1$ (21)
$z_1 = 14y_1$ (22)
$z_2 = 12y_2$ (23)
$z_3 = 10y_3$ (24)
$x_j \ge 0$, all $j$
$y_1, y_2, y_3 \in \{0, 1\}$.

Constraints (12)-(13) are flow balance constraints.
(14)-(16) specify yields from the processing units. (17)
bounds the output. (18)-(20) are “Big M” constraints that
prohibit flow through a unit unless it is built. (22)-(24)
define the fixed costs.

A conventional branch-and-bound tree for this problem
appears in Fig. 4. Note that the optimal solution is to
build none of the units.


9 Logic-Based Solution of an MIP

I will now illustrate how logic-based branch-and-bound can
solve an MIP problem in logical form. It is convenient to
suppose that the objective function of (10) is simply $cx$.
This can be done by introducing a continuous variable $z_j$
for each $d_j \ne 0$, letting the $z_j$ have coefficient 1 in
the objective function, and augmenting $\Pi(y)$ with the
constraint $z_j = d_j$ whenever $y_j = 1$. The generic
algorithm appears in Fig. 5.

The example of the previous section is put in logical form
as follows. Note first that the objective function is
already of the form $cx$. The set $S$ of logical constraints
is simply $\{\neg y_1 \vee \neg y_2\}$, which corresponds to
constraint (21). The linear constraint set $\Pi(y)$ consists
of constraints (12)-(17), nonnegativity constraints, and the
following:

$x_3 = 0$ if $y_1 = 0$, $z_1 = 14$ if $y_1 = 1$
$x_5 = 0$ if $y_2 = 0$, $z_2 = 14$ if $y_2 = 1$ (25)
$x_7 = 0$ if $y_3 = 0$, $z_3 = 14$ if $y_3 = 1$
Figure 3: A simple processing network.


Figure 4: Branch-and-bound solution of a small mixed integer programming problem.

Node 1: value of relaxation = −13.96, (y1, y2, y3) = (0, 0.444, 0.2)
Node 2: relaxation = −12.15, y = (0.444, 0, 0.2)
Node 3: relaxation = 0, y = (0, 0, 0)
Node 4: relaxation = −4.37, y = (1, 0, 0.2)
Node 5: relaxation = 14, y = (1, 0, 0)
Node 6: relaxation = 3.63, y = (1, 0, 1)
Node 7: relaxation = −7.29, y = (0, 1, 0.2)
Node 8: relaxation = 12, y = (0, 1, 0)
Node 9: relaxation = 0.71, y = (0, 1, 1)
Logic-Based Branch-and-Cut Algorithm for MIP.

Set UB = ∞, y = (u, ..., u) (where u = undetermined).
Execute Branch(∅, y, 0).
End.

Procedure Branch(S, y, k)
    If k = 0 then
        the optimal solution is the best found so far
        (infeasible if none found); stop.
    Apply a partial or complete satisfiability algorithm to
    S, fixing some variables in y if possible.
    If no contradiction is found, then
        Find the minimum LB of cx subject to x ∈ Π(y).
        If LB < UB then:
            Generate separating logic cuts.
            Branch:
                Pick a literal L containing a variable
                that occurs in S.
                Perform Branch(S ∪ {L}, y, k + 1).
                Perform Branch(S ∪ {¬L}, y, k + 1).

Note that $\Pi(y)$ is defined even when some components of
$y$ are undetermined ($y_j = u$).

Before solving this example, it is useful to introduce in
the next section some additional logic cuts.


10  Nonvalid  Logic  Cuts 

In the context of mixed integer programming it is useful to
define a more general sense of logic cut. Let the graph $G$
for a mixed integer optimization problem (10) be the set

$\{(cx + dy, x, y) \mid y \in Y,\ x \in \bigcup_{y \in Y} \Pi(y)\}$.

The epigraph $E$ is

$\{(z, x, y) \mid (z', x, y) \in G$ for some $z' \le z\}$.

The projection of the epigraph onto the space of continuous
variables is

$\{(z, x) \mid (z, x, y) \in E$ for some $y\}$.

A logic cut in the extended sense is a constraint $y \in T$
that, when added to the constraint set of (10), results in
the same projected epigraph. The cut is valid if

$\bigcup_{y \in Y} \Pi(y) = \bigcup_{y \in Y \cap T} \Pi(y)$.

A cut can be nonvalid (i.e., cut off feasible values of
$y$), but it never changes the value of the optimal
solution.

Some  nonvalid  logic  cuts  can  be  generated  for  the 
example  of  the  previous  section  as  follows.  Note 
that  it  makes  no  sense  to  consider  a  solution  in 
which  a  unit  is  installed  but  carries  no  flow.  Yet 
such  solutions  can  and  do  occur  in  the  branch- 
and-bound  tree.  Nodes  5  and  8  of  Fig.  4  have 
LP  solutions  in  which  the  installed  unit  carries  no 
flow. Computational experience [8, 12] suggests
that  such  superfluous  nodes  can  be  very  numerous 
in  a  branch-and-bound  tree. 

This  situation  can  be  prevented  by  adding  con¬ 
straints  that  allow  a  unit  to  be  installed  only  if  a 
downstream  unit  is  installed: 

¬y1 ∨ y3 (26)

¬y2 ∨ y3 (27)

and only if at least one upstream unit is installed:

y1 ∨ y2 ∨ ¬y3. (28)

These are nonvalid logic cuts because they cut off
feasible values of (y1, y2, y3). It is shown in [8] that
they essentially exhaust the nonvalid logic cuts for
such a problem.

Figure 2 displays the search tree for a logic-based
solution of the example that uses (26)-(28).
Note that the tree is smaller than the branch-and-bound
tree of Fig. 4. The superfluous nodes 5 and
8, as well as other nodes, have been deleted.
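The effect of cuts (26)-(28) on the search can be checked mechanically. The following Python sketch is an added illustration, not code from the paper: it reads the cuts as ¬y1 ∨ y3, ¬y2 ∨ y3 and y1 ∨ y2 ∨ ¬y3, applies unit resolution after each branching decision, and lists the 0-1 vectors the cuts leave. The branching order (y2 first, then y1) is an assumption read off the node descriptions in the search-tree figure.

```python
from itertools import product

# A literal is a signed int: +j means y_j, -j means "not y_j".
CUTS = [
    frozenset({-1, 3}),     # (26)  not y1  or  y3
    frozenset({-2, 3}),     # (27)  not y2  or  y3
    frozenset({1, 2, -3}),  # (28)  y1  or  y2  or  not y3
]


def unit_resolution(clauses, assignment):
    """Propagate unit clauses under a partial assignment {var: bool}.

    Returns (fixed, remaining) where `fixed` extends `assignment` with every
    variable forced by a unit clause and `remaining` holds the simplified
    clauses that are still open. Returns None if a clause becomes empty,
    i.e. the branch is contradictory and can be pruned without solving an LP.
    """
    fixed = dict(assignment)
    clauses = list(clauses)
    while True:
        simplified, unit = [], None
        for clause in clauses:
            # A clause is satisfied once any of its literals is true.
            if any(fixed.get(abs(lit)) == (lit > 0) for lit in clause):
                continue
            # Drop literals that are already false.
            rest = frozenset(lit for lit in clause if abs(lit) not in fixed)
            if not rest:
                return None
            if len(rest) == 1 and unit is None:
                unit = next(iter(rest))
            simplified.append(rest)
        if unit is None:
            return fixed, simplified
        fixed[abs(unit)] = unit > 0
        clauses = simplified


def surviving_assignments(clauses, n_vars=3):
    """All 0-1 vectors (y1, ..., yn) that satisfy every clause."""
    keep = []
    for bits in product((0, 1), repeat=n_vars):
        if all(any(bits[abs(lit) - 1] == (lit > 0) for lit in clause)
               for clause in clauses):
            keep.append(bits)
    return keep


def show(clause):
    """Render a clause such as frozenset({-1, 3}) as '~y1 v y3'."""
    lits = sorted(clause, key=abs)
    return " v ".join(("y%d" if lit > 0 else "~y%d") % abs(lit) for lit in lits)


if __name__ == "__main__":
    branches = [
        ("y2 = 1", {2: True}),
        ("y2 = 0", {2: False}),
        ("y2 = 0, y1 = 0", {2: False, 1: False}),
        ("y2 = 0, y1 = 1", {2: False, 1: True}),
    ]
    for label, branch in branches:
        fixed, remaining = unit_resolution(CUTS, branch)
        values = {"y%d" % j: int(v) for j, v in sorted(fixed.items())}
        print(label, "->", values, [show(c) for c in remaining])
    # Four of the eight 0-1 vectors are cut off, which is why the cuts
    # are nonvalid in the sense defined above.
    print(surviving_assignments(CUTS))
```

Branching on y2 = 1 forces y3 = 1 with no clause left, while y2 = 0 fixes nothing and leaves the two simplified cuts that make y1 and y3 equal.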

Logic-based methods have been applied to MIP
models of chemical processing network design
problems [8]. They solve larger problems substantially
more rapidly than a state-of-the-art MIP
solver with preprocessor (OSL), and in some cases
solve problems that OSL cannot solve. Logic cuts
are also being applied to truss structure design
problems with discrete bar sizes [2].

References 

[1] Barth, P., Linear 0-1 inequalities and extended
clauses, manuscript, Max-Planck-Institut
fur Informatik, W-6600 Saarbrucken,
Germany, ca. 1993.

[2] Bollapragada, R., O. Ghattas and J. N.
Hooker, Logic-based optimization of truss
structure design, Carnegie Mellon University,
in preparation.

[3] Chvatal, V., Edmonds polytopes and a hierarchy
of combinatorial problems, Discrete
Mathematics 4 (1973) 305-337.

[4] Granot, F., and P. L. Hammer, On the use of
boolean functions in 0-1 linear programming,
Methods of Operations Research (1971) 154-184.

[5] Hammer, P. L., and S. Rudeanu, Boolean
Methods in Operations Research and Related
Areas, Springer Verlag (Berlin, New York,
1968).

[6] Hooker, J. N., Generalized resolution for 0-1
inequalities, Annals of Mathematics and AI 6
(1992) 271-286.

[7] Hooker, J. N., Logic-based methods for optimization:
A tutorial, presented at ORSA
Computer Science Technical Section meeting,
Williamsburg, VA, USA, January 1994.

[8] Hooker, J. N., H. Yan, I. E. Grossmann, and
R. Raman, Logic cuts for processing networks
with fixed costs, Computers and Operations
Research 21 (1994) 265-279.

[9] Jeroslow, R. E., Representability in mixed
integer programming, I: Characterization results,
Discrete Applied Mathematics 17 (1987)
223-243.

[10] Jeroslow, R. E., and J. K. Lowe, Modeling
with integer variables, Mathematical Programming
Studies 22 (1984) 167-184.

[11] Nemhauser, G. L., and L. A. Wolsey, Integer
and Combinatorial Optimization (Wiley,
1988).

[12] Raman, R., and I. E. Grossmann, Relation
between MILP modeling and logical inference
for chemical process synthesis, Computers and
Chemical Engineering 15 (1991) 73-84.




Figure  6:  Logic-based  solution  of  the  problem  with  nonvalid  logic  cuts. 


Node  1 
Logic  cuts: 

-'m  V  ->y3 
¬y1 ∨ y3
¬y2 ∨ y3
y1 ∨ y2 ∨ ¬y3
Value of LP = -21.29
(y1, y2, y3) = (0, 0.444, 0.2)


Node  5 

Apply  unit  resolution: 
fixed y2 = y3 = 1;
no  clauses  remain. 
Value  of  LP  =  0.81 
feasible 


Node  2 

Apply  unit  resolution: 
no  variables  fixed, 
simplified cuts are
¬y1 ∨ y3
y1 ∨ ¬y3

Value  of  LP  =  -20.37 


Node 3

Apply  unit  resolution: 
fixed y1 = y3 = 0
no  clauses  remain. 
Value  of  LP  =  0 
feasible,  backtrack. 


Node  4 

Apply  unit  resolution: 
fixed y1 = y3 = 1.
no  clauses  remain. 
Value  of  LP  =  3.63 
feasible;  backtrack. 
Abstract

Constraint satisfaction can be seen as a dynamic process that approaches the solution set of the
constraints asymptotically [8]. Constraint programming is seen as creating a dynamic system with
the desired property. We have developed a semantic model for dynamic systems, Constraint Nets,
which serves as a useful abstract target machine for constraint programming languages, providing both
semantics and pragmatics. Generalising, here we view a constraint-based dynamic system as a dynamic
system which approaches the solution set of the constraints infinitely often. Most robotic systems are
constraint-based dynamic systems with tasks specified as constraints. In this paper, we further explore
the specification and verification of constraint-based dynamic systems. We first develop generalised
V-automata for the specification and verification of general (hybrid) dynamic systems, then explicate the
relationship between constraint-based dynamic systems and their desired behavior specifications.


1  Motivation  and  Introduction 

We have previously proposed viewing constraints as relations and constraint satisfaction as a dynamic process
of approaching the solution set of the constraints asymptotically [8]. Under this view, constraint programming
is the creation of a dynamic system with the desired property. We have developed a semantic model for
dynamic systems, Constraint Nets, which serves as a useful abstract target machine for constraint programming
languages, providing both semantics and pragmatics. Properties of various discrete and continuous
constraint method for constraint programming were also examined [8].

Generalizing, here we consider a constraint-based dynamic system as a dynamic system which approaches
the solution set of the constraints infinitely often. One of the motivations for this view is to design and
analyze a robotic system composed of a controller that is coupled to a plant and an environment. The
desired behavior of the controller may be specified as a set of constraints, which, in general, vary with time.
Thus, the controller should be synthesized so as to solve the constraints on-line. Consider a tracking system
where the target may move from time to time. A well-designed tracking control system has to ensure that
the target can be tracked down infinitely often.

Here we start with general concepts of dynamic systems using abstract notions of time, domains and
traces. With this abstraction, hybrid as well as discrete and continuous dynamic systems can be studied in a
unitary framework. The behavior of a dynamic system is then defined as the set of possible traces produced
by the system.

In order to specify desired behaviors of a dynamic system, we develop a formal specification language,
a generalised version of V-automata [3]. In order to verify that a dynamic system satisfies its behavior
specification, we develop a formal model checking method with generalized Liapunov functions.

*Shell Canada Fellow, Canadian Institute for Advanced Research

A constraint-based dynamic system is a special type of dynamic system. We explore the properties of
constraint-based dynamic systems and constraint-based behavior specifications, then relate system verification
to control synthesis.

The rest of the paper is organised as follows. Section 2 briefly presents concepts of general dynamic
systems and constraint net modeling. Section 3 develops generalized V-automata for specifying and verifying
desired behaviors of dynamic systems. Section 4 characterises constraint-based dynamic systems and their
behavior specifications. Section 5 concludes the paper and points out related work.

2  General  Dynamic  Systems 

In this section, we first introduce some basic concepts in general dynamic systems: time, domains and traces,
then present a formal model for general dynamic systems.

2.1  Concepts  in  dynamic  systems 

In  order  to  model  dynamic  systems  in  a  unitary  framework,  we  present  abstract  notions  of  time  structures, 
domains  and  traces.  Both  time  structures  and  domains  are  defined  on  metric  spaces. 

Let R⁺ be the set of nonnegative real numbers. A metric space is a pair (X, d) where X is a set and
d : X × X → R⁺ is a metric defined on X, satisfying the following axioms for all x, y, z ∈ X:

1. d(x, y) = d(y, x).

2. d(x, y) + d(y, z) ≥ d(x, z).

3. d(x, y) = 0 iff x = y.

In a metric space (X, d), d(x, y) is called "the distance between x and y". We will use X to denote the
metric space (X, d) if no ambiguity arises.

A time structure is a metric space (𝒯, d) where 𝒯 is a totally ordered set with a least element 0, and d
is a metric satisfying ∀t0 < t1 < t2 : d(t0, t2) = d(t0, t1) + d(t1, t2). We will use 𝒯 to denote the time
structure (𝒯, d) if no ambiguity arises. A discrete or continuous time structure can be defined according
to the topology of its metric space. For example, the set of natural numbers can define a discrete time
structure, a left closed interval of real numbers can define a continuous time structure.

A domain is a metric space (A, d). Let v : T → A be a function from a total order T to a domain A.
A point a* ∈ A is a limit of v, iff ∀ε ∃t0 ∀t ≥ t0 : d(v(t), a*) < ε. Any limit is unique if it exists. We will
use lim v to denote the limit of v if it exists and if it does not. Clearly, if T has a greatest element t0,
lim v = v(t0).

A trace v : 𝒯 → A is a function from a time structure 𝒯 to a domain A. Let T ⊆ 𝒯 be a downward
closed subset of 𝒯, i.e. t ∈ T implies ∀t' < t : t' ∈ T. We use lim v|T to denote the limit of v on the total
order T. For simplicity in representation, we introduce the following notions: given a time structure (𝒯, d)
and a real number τ ∈ R⁺,

• pre(t) = {t' ∈ 𝒯 | t' < t}, and v(pre(t)) = lim v|pre(t);

• t − τ = {t' ∈ 𝒯 | t' < t, d(t, t') > τ}, and v(t − τ) = lim v|t−τ;

• t + τ = {t' ∈ 𝒯 | t' > t, d(t, t') < τ}.

Clearly, pre(t) = t − 0. If 𝒯 is discrete, v(pre(t)) is the value of the previous time point and pre(t) = t − τ
whenever τ is small enough.

A time structure 𝒯 is infinite iff ∀m > 0, ∃t0 ∈ 𝒯, ∀t > t0 : d(0, t) > m. We will restrict ourselves to
infinite time structures. This is not a real restriction, since any time structure 𝒯 can be extended to an
infinite one 𝒯' ⊃ 𝒯 by letting v(t) = lim v|𝒯 for all t ∉ 𝒯.
2.2 Constraint Nets: a model for dynamic systems

We have developed a semantic model, Constraint Nets, for general (hybrid) dynamic systems [10]. We have
used the Constraint Net model as an abstract target machine for constraint programming languages [8],
while constraint programming is considered as designing a dynamic system that approaches the solution set
of the given constraints asymptotically.

Intuitively,  a  constraint  net  consists  of  a  finite  set  of  locations,  a  finite  set  of  transductions,  each  with 
a  finite  set  of  input  ports  and  an  output  port,  and  a  finite  set  of  connections  between  locations  and  ports 
of  transductions.  A  location  can  be  regarded  as  a  wire,  a  channel,  a  variable,  or  a  memory  location,  whose 
values  may  change  over  time.  A  transduction  is  a  mapping  from  input  traces  to  output  traces,  with  the 
causal  restriction,  viz.  the  output  value  at  any  time  is  determined  by  the  input  values  up  to  that  time.  For 
example,  a  temporal  integration  with  an  initial  value  is  a  typical  transduction  on  a  continuous  time  structure 
and  any  state  automaton  with  an  initial  state  defines  a  transduction  on  a  discrete  time  structure. 

A location l is the output location of a transduction F, iff l connects to the output port of F; l is an
input location of F, iff l connects to an input port of F. Let CN be a constraint net. A location l is an
output location of CN if l is an output location of some transduction in CN, otherwise it is an input location
of CN. The set of input locations of CN is denoted by I(CN), the set of output locations of CN is denoted
by O(CN); CN is closed if I(CN) = ∅, otherwise it is open.

Semantically, a transduction F denotes an equation l_0 = F(l_1, ..., l_n) where l_0 is the output location of
F and (l_1, ..., l_n) is the tuple of input locations of F. A constraint net CN denotes a set of equations, each
corresponds to a transduction in CN. The semantics of CN is a 'solution' of the set of equations [10], which
is a set of pairs of input and output traces satisfying the equations. Let Lc = I(CN) ∪ O(CN) and {A_l}_{l∈Lc}
be a set of domains in CN. A state s of CN is a mapping from the set of locations to their corresponding
domains: i.e. s ∈ ×_{l∈Lc} A_l. Therefore, the semantics of CN is also a set of state traces with domain ×_{l∈Lc} A_l.

We  have  modeled  two  types  of  constraint  solvers,  state  transition  systems  and  state  integration  systems, 
in  constraint  nets.  The  former  models  discrete  dynamic  processes  and  the  latter  models  continuous  dynamic 
processes  [8].  Hybrid  dynamic  systems,  with  both  discrete  and  continuous  components,  can  also  be  modeled 
in  constraint  nets  [10,  9].  The  behavior  of  a  dynamic  system  is  defined  as  a  set  of  possible  input/output 
traces  produced  by  the  system,  in  our  case,  the  semantics  of  the  constraint  net  which  models  the  system. 

We illustrate the constraint net modeling with two simple examples. The first is a 'standard' example
of Cat and Mouse modified from [1]. Suppose a cat and a mouse start running from initial positions X_c and
X_m respectively, X_c > X_m > 0, with constant velocities V_c < V_m < 0. Both of them will stop running when
the cat catches the mouse, or the mouse runs into the hole in the wall at 0. The behavior of this system is
modeled by the following equations CM1:

x_c = ∫(X_c)(V_c · c),

x_m =

c = (x_c > x_m) ∧ (x_m > 0)

where ∫(X) is a temporal integration with initial state X. At any time, c is 1 if the running condition
(x_c > x_m) ∧ (x_m > 0) is satisfied and 0 otherwise. Let R be the set of real numbers and B = {0, 1}. This is
a closed system. The state of this system is (x_c, x_m, c) ∈ R × R × B, with its initial state (X_c, X_m, 1). If the
cat catches the mouse before the mouse runs into the hole in the wall at 0, i.e. 0 < x_c ≤ x_m, the cat wins;
if the mouse runs into the hole before the cat, i.e. x_m ≤ 0 < x_c, the mouse wins.

Consider another Cat and Mouse problem, where the controller of the cat is synthesized from its constraint
specification, i.e. x_c = x_m. Suppose the plant of the cat obeys the dynamics u = ẋ_c where u is
the control input, i.e. the velocity of the cat is controlled. One possible design for the cat controller uses
the gradient descent method [8] on the energy function (x_m − x_c)² to synthesize the feedback control law
u = k · (x_m − x_c), k > 0 where the distance between the cat and the mouse x_m − x_c can be sensed by the
cat. The cat can be modeled as an open constraint net with two equations CM2:

x_c = ∫(X_c) u, u = k · (x_m − x_c).

Will  the  cat  catch  the  mouse? 
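The question can be explored numerically. The following Python sketch is an added illustration, not code from the paper: it integrates the two CM2 equations with a forward-Euler step and tracks the energy function (x_m − x_c)². The step size, the gain k = 1, the initial positions and both mouse behaviours (a mouse that stays put, and a mouse that always matches the cat's velocity) are constructed assumptions, since CM2 leaves the mouse's motion as an open input.

```python
def simulate_cm2(x_c0, x_m0, mouse_velocity, k=1.0, dt=1e-3, t_end=10.0):
    """Forward-Euler integration of CM2: x_c' = u, u = k * (x_m - x_c).

    mouse_velocity(t, x_c, x_m) supplies the environment input x_m'.
    Returns a list of (t, x_c, x_m) samples, one per step.
    """
    x_c, x_m = x_c0, x_m0
    trace = [(0.0, x_c, x_m)]
    for n in range(1, int(round(t_end / dt)) + 1):
        t = (n - 1) * dt
        u = k * (x_m - x_c)                  # feedback control law of the cat
        v_m = mouse_velocity(t, x_c, x_m)    # what the mouse does
        x_c, x_m = x_c + u * dt, x_m + v_m * dt
        trace.append((n * dt, x_c, x_m))
    return trace


def energy(sample):
    """Energy function (x_m - x_c)^2 used to derive the control law."""
    _, x_c, x_m = sample
    return (x_m - x_c) ** 2


def first_time_within(trace, eps):
    """First sampled time at which |x_m - x_c| <= eps, or None if never."""
    for t, x_c, x_m in trace:
        if abs(x_m - x_c) <= eps:
            return t
    return None


def min_decrease_rate(trace, eps, dt):
    """Smallest per-step decrease rate of the energy over all steps that
    start with the cat still further than eps from the mouse."""
    rates = [(energy(a) - energy(b)) / dt
             for a, b in zip(trace, trace[1:])
             if abs(a[2] - a[1]) > eps]
    return min(rates) if rates else None


def resting_mouse(t, x_c, x_m):
    """Constructed behaviour: the mouse does not move."""
    return 0.0


def make_matching_mouse(k):
    """Constructed behaviour: the mouse always runs exactly as fast as the
    cat's control law drives the cat, so the gap never changes."""
    def mouse(t, x_c, x_m):
        return k * (x_m - x_c)
    return mouse


if __name__ == "__main__":
    K, DT, EPS = 1.0, 1e-3, 0.1
    resting = simulate_cm2(10.0, 5.0, resting_mouse, k=K, dt=DT)
    print("resting mouse caught (within eps) at t =",
          first_time_within(resting, EPS))
    print("min energy decrease rate while tracking:",
          min_decrease_rate(resting, EPS, DT), "vs 2*k*eps^2 =", 2 * K * EPS ** 2)

    matching = simulate_cm2(10.0, 5.0, make_matching_mouse(K), k=K, dt=DT)
    print("matching mouse caught at t =", first_time_within(matching, EPS))
    print("final gap:", abs(matching[-1][2] - matching[-1][1]))
```

With the resting mouse the gap shrinks exponentially and the energy falls at a rate close to 2kε² or faster while the gap exceeds ε (the Euler step makes the observed rate slightly smaller than the continuous-time value). With the velocity-matching mouse the gap stays at its initial value, so the answer depends on what is assumed about the mouse.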
3 Generalized V-Automata

While modeling focuses on the underlying structure of a system, the organization and coordination of components
or subsystems, the overall behavior of the modeled system is not explicitly expressed. However, for
many situations, it is important to specify some global properties and guarantee that these properties hold
in the proposed design.

We advocate a formal approach to specifying desired behaviors and to verifying the relationship between
a dynamic system and its behavior specification. A trace v : 𝒯 → A is a generalization of a sequence. In fact,
when 𝒯 is the set of natural numbers, v is an infinite sequence. A set of sequences defines a conventional
formal language. If we take the abstract behavior of a system as a language, a specification can be represented
as an automaton, and verification checks the inclusion relation between the language of the system and the
language accepted by the automaton.

There is always a trade-off between the power of representation, i.e., the class of languages the type
of automaton can accept, and the power of analysis, i.e. the computability of checking the acceptance of
traces. We would like the type of automaton to be powerful enough to state certain temporal and real-time
properties, yet simple enough to have formal, semi-automatic or automatic verifications. We generalize
V-automata [3] and Liapunov functions for our purposes.

V-automata are non-deterministic finite state automata over infinite sequences. These automata were
proposed as a formalism for the specification and verification of temporal properties of concurrent programs.
It has been shown that V-automata have the same expressive power as Buchi automata [6] and the extended
temporal logic (ETL) [7], which are strictly more powerful than the linear propositional temporal logic [6, 7].
More importantly, there is a formal verification method [3].

In  this  section,  we  generalize  V-automata  to  specify  languages  composed  of  traces  on  continuous  as  well 
as  discrete  time  structures,  and  modify  the  formal  verification  method  [3]  by  generalizing  Liapunov  functions 
[fi]  and  the  method  of  continuous  induction  [2]. 

3.1  Behavior  Specification 

Let an assertion be a logical formula defined on states of a dynamic system, i.e. any assertion α on a given
state s, denoted α(s), will be evaluated to either true, s ⊨ α, or false, s ⊭ α.

A V-automaton A is a quintuple (Q, R, S, e, c) where Q is a finite set of automaton-states, R ⊆ Q is a
set of recurrent states and S ⊆ Q is a set of stable states. With each q ∈ Q, we associate an assertion e(q),
which characterizes the entry condition under which the automaton may start its activity in q. With each
pair q, q' ∈ Q, we associate an assertion c(q, q'), which characterizes the transition condition under which the
automaton may move from q to q'. R and S are the generalization of accepting states to the case of infinite
inputs. We denote by B = Q − (R ∪ S) the set of non-accepting (bad) states.

A  V-automaton  is  called  complete  iff  the  following  requirements  are  met: 

•  V,€Q  *(«)  “ 

•  For  every  7  €  (?,  V,'€<J 

We will restrict ourselves to complete automata. This is not a real restriction, since any automaton can be
transformed to a complete automaton by introducing an additional error state q_E ∈ B, with the corresponding
entry condition and transition conditions [3].

Let 𝒯 be a time structure and v : 𝒯 → A be a trace. A run of A over v is a trace r : 𝒯 → Q satisfying

1. Initiality: v(0) ⊨ e(r(0));

2. Consecution:

• inductivity: ∀t > 0, ∃q ∈ Q and δ > 0, ∀0 < τ < δ : r(t − τ) = q and v(t) ⊨ c(r(t − τ), r(t)) and

• continuity: ∀t, ∃q ∈ Q and δ > 0, ∀t' ∈ t + δ : r(t') = q and v(t') ⊨ c(r(t), r(t')).

It is easy to check that when 𝒯 is discrete, the two conditions in Consecution are reduced to one, i.e.
∀t > 0, v(t) ⊨ c(r(pre(t)), r(t)); and if, in addition, A is complete, every trace has a run. However, if 𝒯 is
not discrete, even if A is complete, not every trace has a run. For example, a trace with infinite transitions
among Q within a finite interval has no run. A trace v is specifiable by A iff there is a run of A over v. The
behavior of a system is specifiable by A, iff every trace of the behavior is specifiable.

If r is a run, let Inf(r) be the set of automaton-states appearing infinitely many times in r, i.e.
Inf(r) = {q | ∀t ∃t0 ≥ t, r(t0) = q}. Clearly, if 𝒯 has a greatest element t0, Inf(r) = {r(t0)}. A run r is defined
to be accepting iff:

1. Inf(r) ∩ R ≠ ∅, i.e. some of the states appearing infinitely many times in r belong to R, or

2. Inf(r) ⊆ S, i.e. all the states appearing infinitely many times in r belong to S.

A V-automaton A accepts a trace v, written v ⊨ A, iff all possible runs of A over v are accepting. A
V-automaton A accepts a dynamic system S, written S ⊨ A, iff for every trace v of the behavior of S,
v ⊨ A.

One  of  the  advantages  of  using  automata  as  a  specification  language  is  the  graphical  representation.  It  is 
useful  and  illuminating  to  represent  V-automata  by  diagrams.  The  basic  conventions  for  such  representations 
are  the  following: 

• The automaton-states are depicted by nodes in a directed graph.

•  Each  initial  state  is  marked  by  a  small  arrow,  called  the  entry  arc,  pointing  to  it. 

•  Arcs,  drawn  as  arrows,  connect  some  of  the  states. 

•  Each  recurrent  state  is  depicted  by  a  diamond  shape  inscribed  within  a  circle. 

•  Each  stable  state  is  depicted  by  a  square  inscribed  within  a  circle. 

Nodes  and  arcs  are  labeled  by  assertions.  A  node  or  an  arc  that  is  left  unlabeled  is  considered  to  be 
labeled  with  true.  The  labels  define  the  entry  conditions  and  the  transition  conditions  of  the  associated 
automaton  as  follows: 

• Let q ∈ Q be a node in the diagram. If q is labeled by and the entry arc is labeled by φ, the entry
condition e(q) is given by: e(q) = ∧ If there is no entry arc, e(q) = false.

• Let q, q' be two nodes in the diagram. If q' is labeled by and arcs from q to q' are labeled by
φ_i, i = 1..n, the transition condition c(q, q') is given by: c(q, q') = (φ_1 ∨ ... ∨ φ_n) ∧ If there is no arc
from q to q', c(q, q') = false.

A  diagram  representing  an  incomplete  automaton  is  interpreted  as  a  complete  automaton  by  introducing 
an  error  state  and  associated  entry  and  transition  conditions. 

This type of automaton is powerful enough to specify various qualitative behaviors. Some typical
desired behaviors are shown in Fig. 1. Figure 1(a) accepts a trace which satisfies ¬G only finitely many
times. Figure 1(b) accepts a trace which never satisfies B, and Figure 1(c) accepts a trace which will satisfy
S in the finite future whenever it satisfies R. For the Cat and Mouse examples, we can have the formal
behavior specifications shown in Fig. 2.

Figure 1: V-automata: (a) goal achievement or reachability (b) safety (c) bounded response

Figure 2: (a) Either the cat wins or the mouse wins (b) The cat catches the mouse persistently


3.2  System  Verification 

Given a constraint net model of a discrete- or continuous-time dynamic system, and a V-automaton
specification of a desired behavior, a formal method is developed here for verifying that the constraint net exhibits
its desired behavior.

Let CN be a constraint net model of a dynamic system, whose behavior is a set of traces. Let {φ}CN{ψ}
denote the validity of the consecutive condition: for every trace v of the behavior of CN,

• ∀t > 0, ∃δ > 0, ∀0 < τ < δ : v(t − τ) ⊨ φ implies v(t) ⊨ ψ and

• ∀t, ∃δ > 0, ∀t' ∈ t + δ : v(t) ⊨ φ implies v(t') ⊨ ψ.

Clearly, if 𝒯 is discrete, these two conditions are reduced to one: ∀t > 0, v(pre(t)) ⊨ φ implies v(t) ⊨ ψ.

Let CN be a constraint net with the set of locations Lc and the set of states ×_{l∈Lc} A_l, Θ be an assertion
indicating the initial state of CN, and A = (Q, R, S, e, c) be a V-automaton. A set of assertions {α_q}_{q∈Q} is
called a set of invariants for CN and A iff

• Initiality: ∀q ∈ Q : Θ ∧ e(q) → α_q.

• Consecution: {c(q, q') → α_q'}.

Given that {α_q}_{q∈Q} is a set of invariants for CN and A, a set of partial functions {ρ_q}_{q∈Q} : ×_{l∈Lc} A_l → R⁺
is called a set of Liapunov functions for CN and A iff the following conditions are satisfied:

• Definedness: ∀q ∈ Q : α_q → ∃w. ρ_q = w.

• Non-increase: :

{α_q ∧ ρ_q = w}CN{c(q, q') → ρ_q' ≤ w}.

• Decrease: Let t_c denote the current time, ∃ε > 0, ∀q ∈ Q, q' ∈ B :

{α_q ∧ ρ_q = w ∧ t_c = t}CN{c(q, q') → < −ε}

Let the time structure be infinite with either discrete or continuous topology. We conclude that if
the behavior of a constraint net CN is specifiable by a V-automaton A and the following requirements are
satisfied, the validity of A over CN is proved:

(I) Associate with each automaton-state q ∈ Q an assertion α_q, such that {α_q}_{q∈Q} is a set of invariants
for CN and A.

(L) Associate with each automaton-state q ∈ Q a partial function ρ_q : ×_{l∈Lc} A_l → R⁺, such that {ρ_q}_{q∈Q} is
a set of Liapunov functions for CN and A.
As in [3], the verification rules (I) and (L) are sound and complete, i.e. A accepts CN iff there exist a
set of invariants and Liapunov functions.

Theorem 1 Let the time structure be infinite with either discrete or continuous topology. If the behavior of
a constraint net CN is specifiable by a V-automaton A, verification rules (I) and (L) are sound and complete.

Proof: (Sketch) Apply the method of continuous induction [2]. The detailed proof is shown in Appendix A
of the extended version of this paper. □

We illustrate this verification method by the Cat and Mouse examples. Consider the first Cat and Mouse
example adopted from [1]. We show that the constraint net model CM1 in section 2 satisfies the behavior
specification in Fig. 2(a).

First of all, the V-automaton in Fig. 2(a) is not complete. To make it complete, add an 'error' state
q_E ∈ B, with e(q_E) = false, c(q_E, q_E) = true and c(q0, q_E) = x_c < 0. It is easy to see that CM1 is specifiable
by the complete V-automaton.

Secondly, associate with q0, q1, q2, q_E assertions Running, CatWins, MouseWins and false respectively.
Note that

{x_c > x_m > 0}CM1{x_c < 0 → false}

since x_c is continuous. (Imagine that if the cat jumps, it may not catch the mouse but hit the wall instead.
Fortunately, this is not the case here.) Therefore, the set of assertions is a set of invariants.

Thirdly, associate with q0, q1, q2, q_E the same function: ρ : R × R × B → R⁺, such that ρ(x_c, x_m, 0) = 0
and ρ(x_c, x_m, 1) = −(x_c/V_c + x_m/V_m). Clearly, ρ is decreasing at q0 with rate 2 and q_E can never be reached.
Therefore, it is a Liapunov function.

If we remove the square □ from node q2 in Fig. 2(a), i.e. q2 ∈ B, the modified behavior specification
states that "the cat always wins". Clearly, not every trace of the behavior of CM1 satisfies this specification.
However,  if  the  initial  state  satisfies  ^  in  addition  to  Xc  >  Xm  >  0,  we  can  prove  that  “the  cat 

always  wins” . 

To see this, let A = ^ — ^ and let Inv denote ^ = A. Associate with q0, q1, q2, q_E assertions
Running ∧ Inv, CatWins, false and false respectively. Note that

{Running ∧ Inv}CM1{Running → Running ∧ Inv}

since the derivative of ^ — pPH- is 0 given that Running is satisfied; and

{Running ∧ Inv}CM1{MouseWins → false}

since x_m is continuous. Therefore, the set of assertions is a set of invariants.

Associate with q0, q1, q2, q_E the same function: ρ : R × R × B → R⁺, such that ρ(x_c, x_m, 0) = 0 and
ρ(x_c, x_m, 1) = −(x_c/V_c + x_m/V_m). Again, it is a Liapunov function.

Consider the second Cat and Mouse example, in which the motion of the mouse is unknown, but the
cat tries to catch the mouse anyhow. Clearly, not every trace of the behavior of the constraint net CM2
satisfies the behavior specification in Fig. 2(b). For example, if ẋ_c = ẋ_m all the time, the distance between
the cat and the mouse will be constant and the cat can never catch the mouse. However, suppose the mouse
is short-sighted, i.e. it can only see the cat if their distance |x_m − x_c| < δ < ε, and when it does not see the
cat, it will stop running within time τ.

The short-sighted property of the mouse is equivalent to adding the following assumption to CM2:

{|x_m − x_c| > δ ∧ ẋ_m = 0}CM2{|x_m − x_c| > δ → ẋ_m = 0}

i.e.  the  mouse  will  not  run  if  it  does  not  see  the  cat.  The  maximum  running  time  property  of  the  mouse  is 
equivalent  to  adding  the  following  assumption  to  CM2'  let  U  be  the  time  left  for  the  mouse  to  run  when  it 
does  not  see  the  cat, 

{|Zm  “  Ze|  <  h}CM2{\Xm  ~~  ®el  ^  ^  A  Zm  ^  0  — ♦  /*  ^  T") 
and 


{|Zm  -  Ze|  >  6  Aim  #  0  A/,  =  I  Ate  =t}CM2{\Xm  -  Xc\  >5AZmii0  —  1,  <  l-d{tc,t)}. 
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We  show  that  no  matter  how  fast  the  mouse  may  run,  the  cat  tracks  down  the  mouse  infinitely  often 
(including  the  case  in  which  the  mouse  is  caught  permanently). 

In order to prove this claim, we may decompose the automaton-state $q_0$ in Fig. 2(b) into two automaton-states
$q_{00}$ and $q_{01}$ as shown in Fig. 3. This automaton is not complete. To make it complete, add an 'error'
state $q_E \in B$ with $e(q_E) = false$, $c(q_E, q_E) = true$ and $c(q_{00}, q_E) = Escape$.


Figure 3: A refinement of the cat-mouse specification (figure labels: Track, Escape)

Associate with automaton-states $q_{00}, q_{01}, q_1, q_E$ assertions Track, Escape, Caught and false respectively.
Note that

$\{Track\}\; CM_2\; \{Escape \to false\}$

because of the short-sighted property of the mouse. Therefore, the set of assertions is a set of invariants.

Let $d_m \in \mathcal{R}^+$ be the maximum distance between the cat and the mouse. Associate with automaton-states
$q_{00}, q_{01}, q_1, q_E$ functions and p^^ respectively, where

P«oo  =  (®m  -  Xc?,  Pin  =  +  /».  Pix  =  Pis  =  ‘^m  + 

The feedback control law of the cat guarantees that $p_{q_{00}}$ decreases at $q_{00}$ at a rate not less than 2ke^. The
maximum running time property of the mouse guarantees that $p_{q_{01}}$ decreases at $q_{01}$ at a rate not less than 1.
Therefore, the set of functions is a set of Liapunov functions.

4  Constraint-Based  Dynamic  Systems 

In this section, we first explore the relationship between a constraint solver and its desired behavior specification,
then define constraint-based dynamic systems as a generalization of constraint solvers.

4.1  Dynamic  process  and  constraint  solver 

Constraint  satisfaction  can  be  seen  as  a  dynamic  process  that  approaches  the  solution  set  of  the  constraints 
asymptotically,  and  a  constraint  solver,  modeled  by  a  constraint  net,  exhibits  this  required  behavior  [8]. 
Here  we  briefly  introduce  some  related  concepts. 

Let $\langle A, d \rangle$ be a domain. Given a point $a \in A$ and a subset $A^* \subset A$, the distance between $a$ and
$A^*$ is defined as $d(a, A^*) = \inf_{a^* \in A^*} \{d(a, a^*)\}$. For any $\epsilon > 0$, the $\epsilon$-neighborhood of $A^*$ is defined as
$N^\epsilon(A^*) = \{a \mid d(a, A^*) < \epsilon\}$; it is strict if it is a strict superset of $A^*$. For a function $v : T \to A$ from a total
order $T$, $v$ approaches $A^*$ iff $\forall \epsilon\, \exists t_0\, \forall t > t_0 : d(v(t), A^*) < \epsilon$.

Let $S$ be a domain indicating a state space and $T$ be a time structure which can be either discrete or
continuous. A dynamic process $p$ is a function $p : S \to S^T$ with $p(s)(0) = s, \forall s \in S$. For any subset $S^* \subset S$,
let $\phi_p(S^*) = \{p(s)(t) \mid s \in S^*, t \in T\}$. $S^*$ is an equilibrium of $p$ iff $\phi_p(S^*) = S^*$. $S^*$ is a stable equilibrium of
$p$ iff $S^*$ is an equilibrium and : $\phi_p(N^*(S^*)) \subset N^*(S^*)$. $S^*$ is an attractor of $p$ iff there exists a strict
$\epsilon$-neighborhood $N^\epsilon(S^*)$ such that $\forall s \in N^\epsilon(S^*)$, $p(s)$ approaches $S^*$; $S^*$ is an attractor in the large iff $\forall s \in S$,
$p(s)$ approaches $S^*$. If $S^*$ is an attractor (in the large) and $S^*$ is a stable equilibrium, $S^*$ is an asymptotically
stable equilibrium (in the large).

Let $C = \{C_i\}_{i \in I}$ be a set of constraints, whose solution $sol(C) = \{s \mid \forall i \in I : C_i(s)\}$ is a subset of a state
space $S$. A constraint solver for $C$ is a constraint net $CS$ whose semantics is a dynamic process $p : S \to S^T$
with $sol(C)$ as an asymptotically stable equilibrium. $CS$ solves $C$ globally iff $sol(C)$ is an asymptotically
stable equilibrium in the large.

We have discussed two types of constraint solvers: state transition systems and state integration systems.
Various discrete and continuous constraint methods have been presented, and also analyzed using Liapunov
functions [8].

4.2  Constraint-based  computation  and  control 

Given a set of constraints $C$, let $C^\epsilon$ denote the assertion which is true on the $\epsilon$-neighborhood of its solution
set, $N^\epsilon(sol(C)) \subset S$, and let $A(C^\epsilon; \Box)$ denote the $\forall$-automaton in Fig. 4(a). Clearly, $CS$ solves $C$ iff
there exists an initial condition $\Theta \supset sol(C)$ such that $\forall \epsilon : CS(\Theta) \models A(C^\epsilon; \Box)$; $CS$ solves $C$ globally when
$\Theta = S$. We call $A(C^\epsilon; \Box)$ an open specification of the set of constraints $C$. Note that it is important to have
open specifications, otherwise, if we replace $C^\epsilon$ with $sol(C)$, a constraint solver for $C$ may never satisfy the
specification, since it may take infinite time to approach $sol(C)$.

Figure 4: Specification for (a) Constraint solver (b) Constraint-based dynamic system
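The definitions above, exercised on a constructed two-constraint problem (an added example, not code from the paper): a discrete gradient-descent solver plays the dynamic process, the sum of squared residuals serves as the Liapunov function, and `entry_time` checks the open specification for a given ε. The constraints, the step rate and all function names are assumptions chosen for illustration.

```python
import math

# Constructed constraint set C over the state space S = R^2 (not from the paper):
#   C1: x + y = 2      C2: x - y = 0      so sol(C) = {(1, 1)}
def residuals(s):
    x, y = s
    return (x + y - 2.0, x - y)

def liapunov(s):
    """Degree of dissatisfaction: sum of squared residuals, zero exactly on sol(C)."""
    return sum(r * r for r in residuals(s))

def step(s, rate=0.1):
    """One transition of a gradient-descent solver (a discrete-time dynamic process)."""
    x, y = s
    r1, r2 = residuals(s)
    # gradient of liapunov: d/dx = 2(r1 + r2), d/dy = 2(r1 - r2)
    return (x - rate * 2.0 * (r1 + r2), y - rate * 2.0 * (r1 - r2))

def trace(s0, horizon):
    """p(s0) restricted to t = 0..horizon, with p(s0)(0) = s0."""
    out = [s0]
    for _ in range(horizon):
        out.append(step(out[-1]))
    return out

def distance_to_solution(s):
    """d(s, sol(C)) for the single solution point (1, 1)."""
    return math.hypot(s[0] - 1.0, s[1] - 1.0)

def entry_time(tr, eps):
    """Smallest t0 from which the trace stays inside the eps-neighborhood of sol(C)
    up to the horizon, or None if it is outside at the horizon."""
    t0 = None
    for t, s in enumerate(tr):
        if distance_to_solution(s) >= eps:
            t0 = None
        elif t0 is None:
            t0 = t
    return t0

if __name__ == "__main__":
    tr = trace((5.0, -3.0), 40)
    for eps in (1e-1, 1e-3, 1e-6):
        print(eps, entry_time(tr, eps))
    print(min(distance_to_solution(s) for s in tr))
```

Every ε-neighborhood is entered after finitely many steps, yet the distance to sol(C) stays positive over the whole horizon, which is why the specification is stated on $C^\epsilon$ rather than on $sol(C)$ itself.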

However, requiring the integration of a controller with its environment to be a constraint solver is still
too stringent for a control problem, with disturbance and uncertainty in its environment. If we consider the
solution set of a set of constraints as the 'goal' for the controller to achieve, one relaxed requirement for the
controller is to make the system stable at the goal. In other words, if the system diverges from the goal by
some disturbance, the controller should always be able to regulate the system back to its goal. We call a
system $CB$ constraint-based w.r.t. a set of constraints $C$, iff $\forall \epsilon : CB \models A(C^\epsilon; \Diamond)$ where $A(C^\epsilon; \Diamond)$ denotes
the $\forall$-automaton in Fig. 4(b). In other words, a dynamic system is constraint-based iff it approaches the
solution set of the constraints infinitely often.

We may relax this condition further and define constraint-based systems with errors. We call a system
$CB$ constraint-based w.r.t. a set of constraints $C$ with error $\delta$, iff $\forall \epsilon > \delta : CB \models A(C^\epsilon; \Diamond)$; $\delta$ is called the
steady-state error of the system. Normally, steady-state errors are caused by uncertainty and disturbance
of the environment. For example, the second cat-mouse system $CM_2$ is a constraint-based system with
steady-state error $\delta$, which is the radius of the mouse sensing range.

If $A(C^\epsilon; \Box)$ is considered as an open specification of a constraint-based computation for a closed system,
$A(C^\epsilon; \Diamond)$ can be seen as an open specification of a constraint-based control for an open or embedded
system.

We have developed a systematic approach to control synthesis from requirement specifications [8]. In
particular, requirement specifications impose constraints over a system's global behavior and controllers can
be synthesized as embedded constraint solvers which solve constraints over time. By exploring a relation
between constraint satisfaction and dynamic systems via constraint methods, discrete/continuous constraint
solvers or constraint-based controllers are derived.

We have developed here a behavior specification language and a formal verification method for dynamic
systems. With this approach, control synthesis and system verification are coupled via requirement specifications
and Liapunov functions. If we consider a Liapunov function for a set of constraints as a measurement
of the degree of satisfaction, this function can be used for both control synthesis and system verification.

5 Conclusion and Related Work

We have presented a formal specification language, called generalized $\forall$-automata, for desired behaviors of
dynamic systems. We have also presented a formal verification method, using generalized Liapunov functions,
for checking that a dynamic system exhibits its desired behavior. A constraint-based dynamic system can
be modeled by a constraint net, whose desired behavior can be specified by a $\forall$-automaton. The Liapunov
functions for a given constraint specification can be used for both control synthesis and system verification.

Some related work has been done recently along these lines. Nerode and Kohn have proposed the
notion of open specification for control systems [4]. Saraswat et al. have developed a family of timed
concurrent constraint languages for modeling and specification of discrete dynamic systems [5]. Problems on
specification and verification of hybrid dynamic systems have become a new challenge to traditional control
system design and traditional programming methodologies [1]. Our work is unique in that we distinguish the
executable (modeling) and logical (requirement) specifications, and develop the model checking technique
based on properties of dynamic systems.

Abstract

There has been substantial recent interest in two new families of search techniques.
One family consists of nonsystematic methods such as GSAT; the other contains
systematic approaches that use a polynomial amount of justification information to prune
the search space. This paper introduces a new technique that combines these two
approaches. The algorithm allows substantial freedom of movement in the search space
but enough information is retained to ensure the systematicity of the resulting analysis.
Bounds are given for the size of the justification database and conditions are presented
that guarantee that this database will be polynomial in the size of the problem in
question.


1  INTRODUCTION 

The past few years have seen rapid progress in the development of algorithms for solving
constraint-satisfaction problems, or CSPs. CSPs arise naturally in subfields of AI from planning
to vision, and examples include propositional theorem proving, map coloring and scheduling
problems. The problems are difficult because they involve search; there is never a guarantee
that (for example) a successful coloring of a portion of a large map can be extended to a
coloring of the map in its entirety.

The algorithms developed recently have been of two types. Systematic algorithms determine
whether a solution exists by searching the entire space. Local algorithms use hill-climbing
techniques to find a solution quickly but are nonsystematic in that they search the entire
space in only a probabilistic sense.

The empirical effectiveness of these nonsystematic algorithms appears to be a result of their
ability to follow local gradients in the search space. Traditional systematic procedures
explore the space in a fixed order that is independent of local gradients; the fixed order
makes following local gradients impossible but is needed to ensure that no node is examined
twice and that the search remains systematic.

Dynamic backtracking [6] attempts to overcome this problem by retaining specific information
about those portions of the search space that have been eliminated and then following local
gradients in the remainder. Unlike previous algorithms that recorded such elimination
information, such as dependency-directed backtracking [15], dynamic backtracking is selective
about the information it caches so that only a polynomial amount of memory is required. These
earlier techniques cached a new result with every backtrack, using an amount of memory that
was linear in the run time and thus exponential in the size of the problem being solved.

Unfortunately, neither dynamic nor dependency-directed backtracking (or any other known
similar method) is truly effective at local maneuvering within the search space, since the
basic underlying methodology remains simple chronological backtracking. New techniques are
included to make the search more efficient, but an exponential number of nodes in the search
space must still be examined before early choices can be retracted. No existing search
technique is able to both move freely within the search space and keep track of what has been
searched and what hasn't.

The second class of algorithms developed recently presume that freedom of movement is of
greater importance than systematicity. Algorithms in this class achieve their freedom of
movement by abandoning the conventional description of the search space as a tree of partial
solutions, instead thinking of it as a space of total assignments of values to variables.
Motion is permitted between any two assignments that differ on a single value, and a
hill-climbing procedure is employed to try to minimize the number of constraints violated by
the overall assignment. The best-known algorithms in this class are min-conflicts [11] and
GSAT [14].

Min-conflicts has been applied to the scheduling domain specifically and to schedule tasks on
the Hubble space telescope. GSAT is restricted to Boolean satisfiability problems (where every
variable is assigned simply true or false), and has led to remarkable progress in the solution
of randomly generated problems of this type; its performance is reported [13, IS, 14] as
surpassing that of other techniques such as simulated annealing [8] and systematic techniques
based on the Davis-Putnam procedure [4].

GSAT is not a panacea, however; there are many problems on which it performs fairly poorly. If
a problem has no solution, for example, GSAT will never be able to report this with confidence.
Even if a solution does exist, there appear to be at least two possible difficulties that GSAT
may encounter.

First, the GSAT search space may contain so many local minima that it is not clear how GSAT can
move so as to reduce the number of constraints violated by a given assignment. As an example,
consider the CSP of generating crossword puzzles by filling words from a fixed dictionary into
an empty frame [7]. The constraints indicate that there must be no conflict in each of the
squares; thus two words that begin on the same square must also begin with the same letter. In
this domain, getting "close" is not necessarily any indication that the problem is nearly
solved, since correcting a conflict at a single square may involve modifying much of the
current solution. Konolige has recently reported that GSAT specifically has difficulty solving
problems of this sort [9].

Second, GSAT does no forward propagation. In the crossword domain once again, selecting one
word may well force the selection of a variety of subsequent words. In a Boolean satisfiability
problem, assigning one variable the value true may cause an immediate cascade of values to be
assigned to other variables via a technique known as unit resolution. It seems plausible that
forward propagation will be more common on realistic problems than on randomly generated ones;
the most difficult random problems appear to be tangles of closely related individual variables
while naturally occurring problems tend to be tangles of sequences of related variables.
Furthermore, it appears that GSAT's performance degrades (relative to systematic approaches) as
these sequences of variables arise [5].

Our aim in this paper is to describe a new search procedure that appears to combine the
benefits of both of the earlier approaches; in some very loose sense, it can be thought of as a
systematic version of GSAT.

The next three sections summarize the original dynamic backtracking algorithm [6], presenting
it from the perspective of local search. The termination proof is omitted here but can be
found in earlier papers [8, 10]. Section 5 presents a modification of dynamic backtracking
called partial-order dynamic backtracking, or PDB. This algorithm builds on work of
McAllester's [10]. Partial-order dynamic backtracking provides greater flexibility in the
allowed set of search directions while preserving systematicity and polynomial worst case
space usage. Section 6 presents a new variant of dynamic backtracking that is still more
flexible in the allowed set of search directions. While this final procedure is still
systematic, it can use exponential space in the worst case. Section 7 presents some empirical
results comparing PDB with other well known algorithms on a class of "local" randomly
generated 3-SAT problems. Concluding remarks are contained in Section 8, and proofs appear in
the full paper.

2  CONSTRAINTS  AND  NOGOODS 

We begin with a slightly nonstandard definition of a CSP.

Definition 2.1 By a constraint satisfaction problem $(I, V, \kappa)$ we will mean a finite set $I$
of variables; for each $x \in I$, there is a finite set $V_x$ of possible values for the variable
$x$. $\kappa$ is a set of constraints each of the form
$\neg[(x_1 = v_1) \wedge \cdots \wedge (x_k = v_k)]$ where each $x_j$ is a variable in $I$ and each
$v_j$ is an element of $V_{x_j}$. A solution to the CSP is an assignment $P$ of values to
variables that satisfies every constraint. For each variable $x$ we require that
$P(x) \in V_x$ and for each constraint $\neg[(x_1 = v_1) \wedge \cdots \wedge (x_k = v_k)]$ we
require that $P(x_i) \ne v_i$ for some $x_i$.

By the size of a constraint-satisfaction problem $(I, V, \kappa)$, we will mean the product of
the domain sizes of the various variables, $\prod_x |V_x|$.

The technical convenience of the above definition of a constraint will be clear shortly. For
the moment, we merely note that the above description is clearly equivalent to the
conventional one; rather than represent the constraints in terms of allowed value combinations
for various variables, we write axioms that disallow specific value combinations one at a
time. The size of a CSP is the number of possible assignments of values to variables.

Systematic algorithms attempting to find a solution to a CSP typically work with partial
solutions that are then discovered to be inextensible or to violate the given constraints;
when this happens, a backtrack occurs and the partial solution under consideration is
modified. Such a procedure will, of course, need to record information that guarantees that
the same partial solution not be considered again as the search proceeds. This information
might be recorded in the structure of the search itself; depth-first search with chronological
backtracking is an example. More sophisticated methods maintain a database of some form
indicating explicitly which choices have been eliminated and which have not. In this paper, we
will use a database consisting of a set of nogoods [5].

Definition 2.2 A nogood is an expression of the form

$(x_1 = v_1) \wedge \cdots \wedge (x_k = v_k) \to x \ne v$    (1)

A nogood can be used to represent a constraint as an implication; (1) is logically equivalent
to the constraint

$\neg[(x_1 = v_1) \wedge \cdots \wedge (x_k = v_k) \wedge (x = v)]$

There are clearly many different ways of representing a given constraint as a nogood.

One special nogood is the empty nogood, which is tautologically false. We will denote the
empty nogood by $\bot$; if $\bot$ can be derived from the given set of constraints, it follows
that no solution exists for the problem being attempted.

The typical way in which new nogoods are obtained is by resolving together old ones. As an
example, suppose we have derived the following:

$(x = a) \wedge (y = b) \to u \ne v_1$
$(x = a) \wedge (z = c) \to u \ne v_2$
$(y = b) \to u \ne v_3$

where $v_1$, $v_2$ and $v_3$ are the only values in the domain of $u$. It follows that we can
combine these nogoods to conclude that there is no solution with

$(x = a) \wedge (y = b) \wedge (z = c)$    (2)

Moving $z$ to the conclusion of (2) gives us

$(x = a) \wedge (y = b) \to z \ne c$

In general, suppose we have a collection of nogoods of the form

$x_{i1} = v_{i1} \wedge \cdots \wedge x_{in_i} = v_{in_i} \to x \ne v_i$

as $i$ varies, where the same variable appears in the conclusions of all the nogoods. Suppose
further that the antecedents all agree as to the value of the $x_i$'s, so that any time $x_i$
appears in the antecedent of one of the nogoods, it is in a term $x_i = v_i$ for a fixed
$v_i$. If the nogoods collectively eliminate all of the possible values for $x$, we can
conclude that $\bigwedge_j (x_j = v_j)$ is inconsistent; moving one specific $x_k$ to the
conclusion gives us

$\bigwedge_{j \ne k} (x_j = v_j) \to x_k \ne v_k$    (3)

As before, note the freedom in our choice of variable appearing in the conclusion of the
nogood. Since the next step in our search algorithm will presumably satisfy (2) by changing
the value for $x_k$, the selection of consequent variable corresponds to the choice of
variable to "flip" in the terms used by GSAT or other hill-climbing algorithms.


Figure 1: A small map-coloring problem

As we have remarked, dynamic backtracking accumulates information in a set of nogoods. To see
how this is done, consider the map coloring problem in Figure 1, repeated from [6]. The map
consists of five countries: Albania, Bulgaria, Czechoslovakia, Denmark and England. We assume
- wrongly - that the countries border each other as shown in the figure, where countries are
denoted by nodes and border one another if and only if there is an arc connecting them.

In coloring the map, we can use the three colors red, green and blue. We will typically
abbreviate the colors and country names to single letters in the obvious way. The following
table gives a trace of how a conventional dependency-directed backtracking scheme might attack
this problem; each row shows a state of the procedure in the middle of a backtrack step, after
a new nogood has been identified but before colors are erased to reflect the new conclusion.
The coloring that is about to be removed appears in boldface. The "drop" column will be
discussed shortly.


A  B  C  D  E   add                                              drop
r  g  r         $A = r \to C \ne r$                         (1)
r  g  b  r      $A = r \to D \ne r$                         (2)
r  g  b  g      $B = g \to D \ne g$                         (3)
r  g  b  b  r   $A = r \to E \ne r$                         (4)
r  g  b  b  g   $B = g \to E \ne g$                         (5)
r  g  b  b  b   $D = b \to E \ne b$                         (6)
r  g  b  b      $(A = r) \wedge (B = g) \to D \ne b$        (7)  6
r  g  b         $A = r \to B \ne g$                         (8)  3, 5, 7

We begin by coloring Albania red and Bulgaria green, and then try to color Czechoslovakia red
as well. Since this violates the constraint that Albania and Czechoslovakia be different
colors, nogood (1) in the above table is produced.

We change Czechoslovakia's color to blue and then turn to Denmark. Since Denmark cannot be
colored red or green, nogoods (2) and (3) appear; the only remaining color for Denmark is
blue.

Unfortunately, having colored Denmark blue, we cannot color England. The three nogoods
generated are (4), (5) and (6), and we can resolve these together because the three
conclusions eliminate all of the possible colors for England. The result is that there is no
solution with $(A = r) \wedge (B = g) \wedge (D = b)$, which we rewrite as (7) above. This can
in turn be resolved with (2) and (3) to get (8), correctly indicating that the color red for
Albania is inconsistent with the choice green for Bulgaria. The analysis can continue at this
point to gradually determine that Bulgaria has to be red, Denmark can be green or blue, and
England must then be the color not chosen for Denmark.

As we mentioned in the introduction, the problem with this approach is that the set $\Gamma$
of nogoods grows monotonically, with a new nogood being added at every step. The number of
nogoods stored therefore grows linearly with the run time and thus (presumably) exponentially
with the size of the problem. A related problem is that it may become increasingly difficult
to extend the partial solution $P$ without violating one of the nogoods in $\Gamma$.

Dynamic backtracking deals with this by discarding nogoods when they become "irrelevant" in
the sense that their antecedents no longer match the partial solution in question. In the
example above, nogoods can be eliminated as indicated in the final column of the trace. When
we derive (7), we remove (6) because Denmark is no longer colored blue. When we derive (8), we
remove all the nogoods with $B = g$ in their antecedents. Thus the only information we retain
is that Albania's red color precludes red for Czechoslovakia, Denmark and England (1, 2 and 4)
and also green for Bulgaria (8).

3 DYNAMIC BACKTRACKING

Dynamic backtracking uses the set of nogoods to both record information about the portion of
the search space that has been eliminated and to record the current partial assignment being
considered by the procedure. The current partial assignment is encoded in the antecedents of
the current nogood set. More formally:

Definition 3.1 An acceptable next assignment for a nogood set $\Gamma$ is an assignment $P$
satisfying every nogood in $\Gamma$ and every antecedent of every such nogood. We will call a
set of nogoods $\Gamma$ acceptable if no two nogoods in $\Gamma$ have the same conclusion and
either $\bot \in \Gamma$ or there exists an acceptable next assignment for $\Gamma$.

If $\Gamma$ is acceptable, the antecedents of the nogoods in $\Gamma$ induce a partial
assignment of values to variables; any acceptable next assignment must be an extension of this
partial assignment. In the above table, for example, nogoods (1) through (6) encode the
partial assignment given by $A = r$, $B = g$, and $D = b$. Nogoods (1) through (7) fail to
encode a partial assignment because the seventh nogood is inconsistent with the partial
assignment encoded in nogoods (1) through (6). This is why the sixth nogood is removed when
the seventh nogood is added.


Procedure 3.2 (Dynamic backtracking) To solve a CSP:

    P := any complete assignment of values to variables
    Γ := ∅
    until either P is a solution or ⊥ ∈ Γ:
        γ := any constraint violated by P
        Γ := simp(Γ ∪ γ)
        P := any acceptable next assignment for Γ

To simplify the discussion we assume a fixed total order on the variables. Versions of dynamic
backtracking with dynamic rearrangement of the variable order can be found elsewhere [6, 10].
Whenever a new nogood is added, the fixed variable ordering is used to select the variable
that appears in the conclusion of the nogood - the latest variable always appears in the
conclusion. The subroutine simp closes the set of nogoods under the resolution inference rule
discussed in the previous section and removes all nogoods which have an antecedent $x = v$
such that $x \ne v$ appears in the conclusion of some other nogood. Without giving a detailed
analysis, we note that simplification ensures that $\Gamma$ remains acceptable. To prove
termination we introduce the following notation:

Definition 3.3 For any acceptable $\Gamma$ and variable $x$, we define the live domain of $x$
to be those values $v$ such that $x \ne v$ does not appear in the conclusion of any nogood in
$\Gamma$. We will denote the size of the live domain of $x$ by $|x|_\Gamma$, and will denote by
$m(\Gamma)$ the tuple $\langle |x_1|_\Gamma, \ldots, |x_n|_\Gamma \rangle$ where
$x_1, \ldots, x_n$ are the variables in the CSP in their specified order.

Given an acceptable $\Gamma$, we define the size of $\Gamma$ to be

$size(\Gamma) = \prod_x |V_x| - \sum_x \Big[ (|V_x| - |x|_\Gamma) \prod_{x_i > x} |V_{x_i}| \Big]$

Informally, the size of $\Gamma$ is the size of the remaining search space given the live
domains for the variables and assuming that all information about $x_i$ will be lost when we
change the value for any variable $x_j < x_i$.

Lemma 3.4 Suppose that $\Gamma$ and $\Gamma'$ are such that $m(\Gamma)$ is lexicographically
less than $m(\Gamma')$. Then $size(\Gamma) < size(\Gamma')$.

The termination proof (which we do not repeat here) is based on the observation that every
simplification lexicographically reduces $m(\Gamma)$. Assuming that $\Gamma = \emptyset$
initially, since $size(\emptyset) = \prod_x |V_x|$ it follows that the running time of dynamic
backtracking is bounded by the size of the problem being solved.

Proposition 3.5 Any acceptable set of nogoods can be stored in $o(n^2 v)$ space where $n$ is
the number of variables and $v$ is the maximum domain size of any single variable.

It is worth considering the behavior of Procedure 3.2 when applied to a CSP that is the union
of two disjoint CSPs that do not share variables or constraints. If each of the two
subproblems is unsatisfiable and the variable ordering interleaves the variables of the two
subproblems, a classical backtracking search will take time proportional to the product of the
times required to search each assignment space separately.* In contrast, Procedure 3.2 works
on the two problems independently, and the time taken to solve the union of problems is
therefore the sum of the times needed for the individual subproblems. It follows that
Procedure 3.2 is fundamentally different from classical backtracking or backjumping
procedures; Procedure 3.2 is in fact what has been called a polynomial space aggressive
backtracking procedure [10].
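Procedure 3.2 and the nogood resolution of Section 2, run on the map-coloring problem (an added example, not the authors' code). Assumptions: the borders are read off nogoods (1) to (6) of the trace, `simp` resolves only when a live domain becomes empty, the next assignment takes the first live value, and every function and constant name is hypothetical.

```python
def coloring_constraints(borders, colors):
    """Definition 2.1 form: one constraint not[(x = c) and (y = c)] per border and color."""
    return [{x: c, y: c} for x, y in borders for c in colors]


def simp(gamma, conj, domains, rank):
    """Add the inconsistent conjunction `conj` to gamma as a nogood, resolve, and drop
    nogoods that became irrelevant. Returns False once the empty nogood is derived.
    gamma maps a conclusion (x, v), read "x != v", to its antecedent {y: w, ...}."""
    while conj:
        x = max(conj, key=rank.get)            # latest variable goes to the conclusion
        v = conj[x]
        # x = v is being retracted, so nogoods with x = v in their antecedent are dropped
        for key in [k for k, ante in gamma.items() if ante.get(x) == v]:
            del gamma[key]
        gamma[(x, v)] = {y: w for y, w in conj.items() if y != x}
        if any((x, u) not in gamma for u in domains[x]):
            return True                        # x still has a live value
        conj = {}                              # every value of x eliminated: resolve
        for u in domains[x]:
            conj.update(gamma[(x, u)])
    return False                               # empty conjunction: no solution exists


def dynamic_backtracking(variables, domains, constraints, start):
    """Procedure 3.2 with a fixed variable order. Returns (solution or None, history),
    where history[i] is the set of nogood conclusions held after the (i+1)-th violation."""
    rank = {x: i for i, x in enumerate(variables)}
    P, gamma, history = dict(start), {}, []
    while True:
        violated = next((c for c in constraints
                         if all(P[x] == v for x, v in c.items())), None)
        if violated is None:
            return P, history
        if not simp(gamma, dict(violated), domains, rank):
            return None, history
        history.append(set(gamma))
        # acceptable next assignment: move only variables whose value was eliminated
        for x in variables:
            if (x, P[x]) in gamma:
                P[x] = next(u for u in domains[x] if (x, u) not in gamma)


# Borders inferred from nogoods (1)-(6) of the trace (assumption, not taken from the figure).
COUNTRIES = ["A", "B", "C", "D", "E"]
BORDERS = [("A", "C"), ("A", "D"), ("A", "E"), ("B", "D"), ("B", "E"), ("D", "E")]
COLORS = ["r", "g", "b"]
DOMAINS = {x: COLORS for x in COUNTRIES}
CONSTRAINTS = coloring_constraints(BORDERS, COLORS)
START = {"A": "r", "B": "g", "C": "r", "D": "r", "E": "r"}   # constructed start assignment

if __name__ == "__main__":
    solution, history = dynamic_backtracking(COUNTRIES, DOMAINS, CONSTRAINTS, START)
    for i, conclusions in enumerate(history, 1):
        print(i, sorted(conclusions))
    print(solution)
```

After the sixth violated constraint the stored conclusions are C ≠ r, D ≠ r, E ≠ r and B ≠ g, the same four nogoods the text reports as retained (1, 2, 4 and 8), and the nogood set never exceeds one entry per variable-value pair.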

4 DYNAMIC BACKTRACKING AS LOCAL SEARCH

Before proceeding, let us highlight the obvious similarities between Procedure 3.2 and
Selman's description of GSAT [14]:

Procedure 4.1 (GSAT) To solve a CSP:

    for i := 1 to MAX-TRIES
        P := a randomly generated truth assignment
        for j := 1 to MAX-FLIPS
            if P is a solution, then return it
            else flip any variable in P that results in
                 the greatest decrease in the number
                 of unsatisfied clauses
            end if
        end for
    end for
    return failure

The inner loop of the above procedure makes a local move in the search space in a direction consistent with the goal of satisfying a maximum number of clauses; we say that GSAT follows the local gradient of a "maxsat" objective function. But local search can get stuck in local minima; the outer loop provides a partial escape by giving the procedure several independent chances to find a solution.

Like GSAT, dynamic backtracking examines a sequence of total assignments. Initially, dynamic backtracking has considerable freedom in selecting the next assignment; in many cases, it can update the total assignment in a manner identical to GSAT. The nogood set ultimately both constrains the allowed directions of motion and forces the procedure to search systematically. Dynamic backtracking cannot get stuck in local minima.

*This observation remains true even if backjumping techniques are used.

Both systematicity and the ability to follow local gradients are desirable. The observations of the previous paragraphs, however, indicate that these two properties are in conflict - systematic enumeration of the search space appears incompatible with gradient descent. To better understand the interaction of systematicity and local gradients, we need to examine more closely the structure of the nogoods used in dynamic backtracking.

We have already discussed the fact that a single constraint can be represented as a nogood in a variety of ways. For example, the constraint $\neg(A = r \wedge B = g)$ can be represented either as $A = r \to B \neq g$ or as $B = g \to A \neq r$. Although these nogoods capture the same information, they behave differently in the dynamic backtracking procedure because they encode different partial truth assignments and represent different choices of variable ordering. In particular, the set of acceptable next assignments for $A = r \to B \neq g$ is quite different from the set of acceptable next assignments for $B = g \to A \neq r$. In the former case an acceptable assignment must satisfy $A = r$; in the latter case, $B = g$ must hold. Intuitively, the former nogood corresponds to changing the value of $B$ while the latter nogood corresponds to changing that of $A$. The manner in which we represent the constraint $\neg(A = r \wedge B = g)$ influences the direction in which the search is allowed to proceed. In Procedure 3.2, the choice of representation is forced by the need to respect the fixed variable ordering and to change the latest variable in the constraint.* Similar restrictions exist in the original presentation of dynamic backtracking itself [3].

5  PARTIAL-ORDER  DYNAMIC
BACKTRACKING

Partial-order dynamic backtracking [10] replaces the fixed variable order with a partial order that is dynamically modified during the search. When a new nogood is added, this partial ordering need not fix a unique representation - there can be considerable choice in the selection of the variable to appear in the conclusion of the nogood. This leads to freedom in the selection of the variable whose value is to be changed, thereby allowing greater flexibility in the directions that the procedure can take while traversing the search space. The locally optimal gradient followed by GSAT can be adhered to more often. The partial order on variables is represented by a set of ordering constraints called safety conditions.

*Note, however, that there is still considerable freedom in the choice of the constraint itself. A total assignment usually violates many different constraints.

Definition 5.1 A safety condition is an assertion of the form $x < y$ where $x$ and $y$ are variables. Given a set $S$ of safety conditions, we will denote by $\le_S$ the transitive closure of $<$, saying that $S$ is acyclic if $\le_S$ is antisymmetric. We will write $x <_S y$ to mean that $x \le_S y$ and $y \not\le_S x$.

In other words, $x \le y$ if there is some (possibly empty) sequence of safety conditions

$x < z_1 < \cdots < z_n < y.$

The requirement of antisymmetry means simply that there are no two distinct $x$ and $y$ for which $x \le y$ and $y \le x$; in other words, $\le_S$ has no "loops" and is a partial order on the variables. In this section, we restrict our attention to acyclic sets of safety conditions.

Definition 5.2 For a nogood $\gamma$, we will denote by $S_\gamma$ the set of all safety conditions $x < y$ such that $x$ is in the antecedent of $\gamma$ and $y$ is the variable in its conclusion.

Informally, we require variables in the antecedent of nogoods to precede the variables in their conclusions, since the antecedent variables have been used to constrain the live domains of the conclusions.

The state of the partial order dynamic backtracking procedure is represented by a pair $\langle \Gamma, S \rangle$ consisting of a set of nogoods and a set of safety conditions. In many cases, we will be interested in only the ordering information about variables that can precede a fixed variable $x$. To discard the rest of the ordering information, we discard all of the safety conditions involving any variable $y$ that follows $x$, and then record only that $y$ does indeed follow $x$. Somewhat more formally:

Definition 5.3 For any set $S$ of safety conditions and variable $x$, we define the weakening of $S$ at $x$, to be denoted $W(S, x)$, to be the set of safety conditions given by removing from $S$ all safety conditions of the form $z < y$ where $x <_S y$ and then adding the safety condition $x < y$ for all such $y$.

The set $W(S, x)$ is a weakening of $S$ in the sense that every total ordering consistent with $S$ is also consistent with $W(S, x)$. However $W(S, x)$ usually admits more total orderings than $S$ does; for example, if $S$ specifies a total order then $W(S, x)$ allows any order which agrees with $S$ up to and including the variable $x$. In general, we have the following:

Lemma 5.4 For any set $S$ of safety conditions, variable $x$, and total order $<$ consistent with the safety conditions in $W(S, x)$, there exists a total order consistent with $S$ that agrees with $<$ through $x$.
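The following Python sketch is an added example, not code from the paper. It implements the relation $\le_S$, the acyclicity test and the weakening $W(S, x)$ of Definitions 5.1 and 5.3, and enumerates total orders by brute force to show the total-order case mentioned above; the encoding of a safety condition $x < y$ as the pair `(x, y)`, the function names and the sample set `CHAIN` are assumptions made for illustration.

```python
from itertools import permutations

# A safety condition "x < y" is encoded as the pair (x, y); S is a set of pairs.


def closure(S):
    """Transitive closure of the safety conditions (the relation <=_S)."""
    le = set(S)
    changed = True
    while changed:
        changed = False
        for (a, b) in list(le):
            for (c, d) in list(le):
                if b == c and (a, d) not in le:
                    le.add((a, d))
                    changed = True
    return le


def is_acyclic(S):
    """S is acyclic when <=_S is antisymmetric: no distinct x, y ordered both ways."""
    le = closure(S)
    return not any(x != y and (y, x) in le for (x, y) in le)


def followers(S, x):
    """Variables y with x <_S y, i.e. x <=_S y holds and y <=_S x does not."""
    le = closure(S)
    return {y for (a, y) in le if a == x and (y, x) not in le}


def weaken(S, x):
    """W(S, x): drop every condition z < y whose y follows x, then record x < y."""
    later = followers(S, x)
    kept = {(z, y) for (z, y) in S if y not in later}
    return kept | {(x, y) for y in later}


def total_orders(S, variables):
    """Brute-force list of the total orders of `variables` consistent with S."""
    return [p for p in permutations(variables)
            if all(p.index(a) < p.index(b) for (a, b) in S)]


# Constructed sample: S fixes the total order A < B < C < D.
CHAIN = {("A", "B"), ("B", "C"), ("C", "D")}

if __name__ == "__main__":
    w = weaken(CHAIN, "B")
    print(sorted(w))                      # conditions kept or added by W(S, B)
    print(total_orders(CHAIN, "ABCD"))    # orders consistent with S
    print(total_orders(w, "ABCD"))        # orders consistent with W(S, B)
```

Weakening the chain at B keeps A < B and leaves C and D ordered only relative to B, so both admitted orders agree with S up to and including B.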


Procedure 5.5 To solve a CSP:

    $P$ := any complete assignment of values to variables
    $\Gamma := \emptyset$
    $S := \emptyset$
    until either $P$ is a solution or $\bot \in \Gamma$:
        $\gamma$ := a constraint violated by $P$
        $\langle \Gamma, S \rangle := simp(\Gamma, S, \gamma)$
        $P$ := any acceptable next assignment for $\Gamma$

Procedure 5.6 To compute $simp(\Gamma, S, \gamma)$:

    select the conclusion $x$ of $\gamma$ so that $S \cup S_\gamma$ is acyclic
    $\Gamma := \Gamma \cup \{\gamma\}$
    $S := W(S \cup S_\gamma, x)$
    remove from $\Gamma$ each nogood with $x$ in its antecedent
    if the conclusions of nogoods in $\Gamma$ rule out all
        possible values for $x$ then
        $\rho$ := the result of resolving all nogoods in $\Gamma$ with $x$
            in their conclusion
        $\langle \Gamma, S \rangle := simp(\Gamma, S, \rho)$
    end if
    return $\langle \Gamma, S \rangle$

The above simplification procedure maintains the invariant that $\Gamma$ be acceptable and $S$ be acyclic; in addition, the time needed for a single call to simp appears to grow significantly sublinearly with the size of the problem in question (see Section 7).

Theorem 5.7 Procedure 5.5 terminates. The number of calls to simp is bounded by the size of the problem being solved.

As an example, suppose that we return to our map-coloring problem. We begin by coloring all of the countries except Bulgaria, which is green. The table on the next page shows the total assignment that existed at the moment each new nogood was generated.

The initial coloring violates a variety of constraints; suppose that we choose to work on one with Albania in its conclusion because Albania is involved in three violated constraints. We choose $C = r \to A \neq r$ specifically, and add it as (1) below.

We next modify Albania to be blue. The only constraint violated is that Denmark and England be different colors, so we add (2) to $\Gamma$. This suggests that we change the color for England; we try green, but this conflicts with Bulgaria. If we write the new nogood as $E = g \to B \neq g$, we will change Bulgaria to blue and be done. In the table above, however, we make the less optimal choice (3), changing the coloring for England again.

We are now forced to color England blue. This conflicts with Albania, and we continue to leave England in the conclusion of the nogood as we add (4). This nogood resolves with (2) and (3) to produce (5), where we have once again made the worst choice and put $D$ in the conclusion. We add this nogood to $\Gamma$ and remove nogood (2), which is the only nogood with $D$ in its antecedent. In (6) we add a safety condition indicating that $D$ must continue to precede $E$. (This safety condition has been present since nogood (2) was discovered, but we have not indicated it explicitly until the original nogood was dropped from the database.)
We next change Denmark to green; England is forced to be red once again. But now Bulgaria and Denmark are both green; we have to write this new nogood (7) with Denmark in the conclusion because of the ordering implied by nogood (5) above. Changing Denmark to blue conflicts with Albania (8), which we have to write as $A = b \to D \neq b$. This new nogood resolves with (5) and (7) to produce (9).

We drop (3), (5) and (7) because they involve $B = g$, and introduce the two safety conditions (10) and (11). Since $E$ follows $B$, we drop the safety condition $E > D$. At this point, we are finally forced to change the color for Bulgaria and the search continues.

It is important to note that the added flexibility of PDB over dynamic backtracking arises from the flexibility in the first step of the simplification procedure where the conclusion of the new nogood is selected. This selection corresponds to a selection of a variable whose value is to be changed.

As with the procedure in the previous section, when given a CSP that is a union of CSPs the above procedure will treat the two subproblems independently. The total running time remains the sum of the times required for the subproblems.

6  ARBITRARY  MOVEMENT 

Partial-order dynamic backtracking still does not provide total freedom in the choice of direction through the search space. When a new nogood is discovered, the existing partial order constrains how we are to interpret that nogood - roughly speaking, we are forced to change the value of late variables before changing the values of their predecessors. The use of a partial order makes this constraint looser than previously, but it is still present. In this section, we allow cycles in the nogoods and safety conditions, thereby permitting arbitrary choice in the selection of the variable appearing in the conclusion of a new nogood.

The basic idea is the following: Suppose that we have introduced a loop into the variable ordering, perhaps by including the pair of nogoods $x \to \neg y$ and $y \to \neg x$. Rather than rewrite one of these nogoods so that the same variable appears in the conclusion of both, we will view the $(x, y)$ combination as a single variable that takes a value in the product set $V_x \times V_y$.

If $x$ and $y$ are variables that have been "combined" in this way, we can rewrite a nogood with (for example) $x$ in its antecedent and $y$ in its conclusion so that both $x$ and $y$ are in the conclusion. As an example, we can rewrite

$x = v_x \wedge z = v_z \to y \neq v_y$    (4)

as

$z = v_z \to (x, y) \neq (v_x, v_y)$    (5)

which is logically equivalent. We can view this as eliminating a particular value for the pair of variables $(x, y)$.

Definition 6.1 Let $S$ be a set of safety conditions (possibly not acyclic). We will write $x \equiv_S y$ if $x \le_S y$ and $y \le_S x$. The equivalence class of $x$ under $\equiv$ will be denoted $(x)_S$. If $\gamma$ is a nogood whose conclusion involves the variable $x$, we will denote by $\gamma_S$ the result of moving to the conclusion of $\gamma$ all terms involving members of $(x)_S$. If $\Gamma$ is a set of nogoods, we will denote by $\Gamma_S$ the set of nogoods of the form $\gamma_S$ for $\gamma \in \Gamma$.

It is not difficult to show that for any set $S$ of safety conditions, the relation $\equiv_S$ is an equivalence relation. As an example of rewriting a nogood in the presence of ordering cycles, suppose that $\gamma$ is the nogood (4) and let $S$ be such that $(y)_S = \{x, y\}$; now $\gamma_S$ is given by (5).

Placing more than one literal in the conclusions of nogoods forces us to reconsider the notion of an acceptable next assignment:

Definition 6.2 A cyclically acceptable next assignment for a nogood set $\Gamma$ under a set $S$ of safety conditions is a total assignment $P$ of values to variables satisfying every nogood in $\Gamma_S$ and every antecedent of every such nogood.

We now define a third dynamic backtracking procedure. Note that $W(S, x)$ remains well defined even if $S$ is not acyclic, since $W(S, x)$ drops ordering constraints only on variables $y$ such that $x <_S y$.
Procedure 6.3 To solve a CSP:

    $P$ := any complete assignment of values to variables
    $\Gamma := \emptyset$
    $S := \emptyset$
    until either $P$ is a solution or $\bot \in \Gamma$:
        $\gamma$ := a constraint violated by $P$
        $\langle \Gamma, S \rangle := simp(\Gamma, S, \gamma)$
        $P$ := any cyclically acceptable next assignment
            for $\Gamma$ under $S$

Procedure 6.4 To compute $simp(\Gamma, S, \gamma)$:

    select a conclusion $x$ for $\gamma$ (now unconstrained)
    $\Gamma := \Gamma \cup \{\gamma\}$
    $S := W(S \cup S_\gamma, x)$
    remove from $\Gamma$ each nogood $\sigma$ with an element of $(x)_S$
        in the antecedent of $\sigma_S$
    if the conclusions of nogoods in $\Gamma_S$ rule out all
        possible values for the variables in $(x)_S$ then
        $\rho$ := the result of resolving all nogoods in $\Gamma_S$ whose
            conclusions involve variables in $(x)_S$
        $\langle \Gamma, S \rangle := simp(\Gamma, S, \rho)$
    end if
    return $\langle \Gamma, S \rangle$

If the conclusion is selected so that $S$ remains acyclic, the above procedure is identical to the one in the previous section.

Proposition 6.5 Suppose that we are working on a problem with $n$ variables, that the size of the largest domain of any variable is $v$, and that we have constructed $\Gamma$ and $S$ using repeated applications of simp. If the largest equivalence class $(x)_S$ contains $d$ elements, the space required to store $\Gamma$ is o(nV).

If we have an equivalence class of $d$ variables each of which has $v$ possible values then the number of possible values of the "combined variable" is $v^d$. The above procedure can now generate a distinct nogood to eliminate each of the possible values, and the space requirements of the procedure can therefore grow exponentially in the size of the equivalence classes. The time required to find a cyclically allowed next assignment can also grow exponentially in the size of the equivalence classes. We can address these difficulties by selecting in advance a bound for the largest allowed size of any equivalence class. In any event, termination is still guaranteed:

Theorem 6.6 Procedure 6.3 terminates. The number of calls to simp is bounded by the size of the problem being solved.

Selecting a variable to place in the conclusion of a new nogood corresponds to choosing the variable whose value is to be changed on the next iteration and is analogous to selecting the variable to flip in GSAT. Since the choice of conclusion is unconstrained in the above procedure, the procedure has tremendous flexibility in the way it traverses the search space. Like the procedures in the previous sections, Procedure 6.3 continues to solve combinations of independent subproblems in time bounded by the sum of the times needed to solve the subproblems individually.

Here are these ideas in use on a Boolean CSP with the constraints $a \to b$, $b \to c$ and $c \to \neg b$. As before, we present a trace and then explain it:


a  b  c  |  add to $\Gamma$           |  remove from $\Gamma$
t  t  f  |  $a \to b$        (1)  |
t  t  f  |  $b \to c$        (2)  |
t  t  t  |  $c \to \neg b$   (3)  |
         |  $\neg a$         (4)  |  1
         |  $a < b$          (5)  |

The first three nogoods are simply the three constraints appearing in the problem. Although the orderings of the second and third nogoods conflict, we choose to write them in the given form in any case.

Since this puts $b$ and $c$ into an equivalence class, we do not drop nogood (2) at this point. Instead, we interpret nogood (1) as requiring that the value taken by $(b, c)$ be either $(t, t)$ or $(t, f)$; (2) disallows $(t, f)$ and (3) disallows $(t, t)$. It follows that the three nogoods can be resolved together to obtain the new nogood given simply by $\neg a$. We add this as (4) above, dropping nogood (1) because its antecedent is falsified.
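The resolution step just described can be replayed mechanically. The Python sketch below is an added example, not code from the paper: it rewrites each nogood so that every literal on a member of the equivalence class moves to the conclusion (Definition 6.1), collects the values of the combined variable that are ruled out, and builds the resolvent once all of them are excluded. Storing a nogood as the partial assignment it forbids, the function names and taking the class {b, c} as given input rather than computing it from the safety conditions are assumptions of the example.

```python
from itertools import product

# Constructed encoding of the Boolean CSP traced above. Each nogood is stored
# as the partial assignment it forbids, e.g. "a -> b" forbids a=True, b=False.
DOMAIN = {"a": (True, False), "b": (True, False), "c": (True, False)}
NOGOODS = {
    1: {"a": True, "b": False},   # a -> b
    2: {"b": True, "c": False},   # b -> c
    3: {"c": True, "b": True},    # c -> not b
}


def rewrite(forbidden, cls):
    """Move every literal on a member of the class `cls` into the conclusion.

    Returns (antecedent, conclusion) as two partial assignments."""
    antecedent = {v: val for v, val in forbidden.items() if v not in cls}
    conclusion = {v: val for v, val in forbidden.items() if v in cls}
    return antecedent, conclusion


def eliminated(conclusion, order, domain):
    """Values of the combined variable `order` that one rewritten nogood rules out."""
    return {combo for combo in product(*(domain[v] for v in order))
            if all(combo[order.index(v)] == val for v, val in conclusion.items())}


def resolve(nogoods, cls, domain):
    """Resolve the nogoods whose rewritten conclusion involves the class `cls`.

    Returns the partial assignment forbidden by the resolvent, or None while
    some value of the combined variable is still allowed."""
    order = sorted(cls)
    every = set(product(*(domain[v] for v in order)))   # v**d combined values
    ruled_out, resolvent = set(), {}
    for forbidden in nogoods.values():
        antecedent, conclusion = rewrite(forbidden, cls)
        if not conclusion:
            continue                      # nogood does not mention the class
        ruled_out |= eliminated(conclusion, order, domain)
        for v, val in antecedent.items():
            # Antecedents all hold in the current assignment, so they must agree.
            if resolvent.setdefault(v, val) != val:
                raise ValueError("antecedents disagree on " + v)
    return resolvent if ruled_out == every else None


if __name__ == "__main__":
    # After nogoods (1) and (2) only: (t, t) is still allowed for (b, c).
    print(resolve({1: NOGOODS[1], 2: NOGOODS[2]}, {"b", "c"}, DOMAIN))
    # After nogood (3): every value of (b, c) is excluded, leaving "not a".
    print(resolve(NOGOODS, {"b", "c"}, DOMAIN))
```

The resolvent `{"a": True}` is the forbidden assignment a = t, which is the nogood $\neg a$ added as (4) in the trace.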

7  EXPERIMENTAL  RESULTS 

In this section, we present preliminary results regarding the implemented effectiveness of the procedure we have described. The implementation is based on the somewhat restricted Procedure 5.5 as opposed to the more general Procedure 6.3. We compared a search engine based on this procedure with two others, TABLEAU [2] and WSAT, or "walk-sat" [13]. TABLEAU is an efficient implementation of the Davis-Putnam algorithm and is systematic; WSAT is a modification to GSAT and is not. We used WSAT instead of GSAT because WSAT is more effective on a fairly wide range of problem distributions [13].

The experimental data was not collected using the random 3-SAT problems that have been the target of much recent investigation, since there is growing evidence that these problems are not representative of the difficulties encountered in practice [3]. Instead, we generated our problems so that the clauses they contain involve groups of locally connected variables as opposed to variables selected at random.

Somewhat more specifically, we filled an $n \times n$ square grid with variables, and then required that the three variables appearing in any single clause be neighbors in this grid. Lisp code generating these examples appears in the appendix. We believe that the qualitative properties of the results reported here hold for a wide class of distributions where variables are given spatial locations and clauses are required to be local.

The experiments were performed at the crossover point where approximately half of the instances generated could be expected to be satisfiable, since this appears to be where the most difficult problems lie [2]. Note that not all instances at the crossover point are hard; as an example, the local variable interactions in these problems can lead to short resolution proofs that no solution exists in unsatisfiable cases. This is in sharp contrast with random 3-SAT problems (where no short proofs appear to exist in general, and it can even be shown that proof lengths are growing exponentially on average [1]). Realistic problems may often have short proof paths: A particular scheduling problem may be unsatisfiable simply because there is no way to schedule a specific resource as opposed to because of global issues involving the problem in its entirety. Satisfiability problems arising in VLSI circuit design can also be expected to have locality properties similar to those we have described.

The problems involved 25, 100, 225, 400 and 625 variables. For each size, we generated 100 satisfiable and 100 unsatisfiable instances and then executed the three procedures to measure their performance. (WSAT was not tested on the unsatisfiable instances.) For WSAT, we measured the number of times specific variable values were flipped. For PDB, we measured the number of top-level calls to Procedure 5.6. For TABLEAU, we measured the number of choice nodes expanded. WSAT and PDB were limited to 100,000 flips; TABLEAU was limited to a running time of 150 seconds.

The results for the satisfiable problems were as follows. For TABLEAU, we give the node count for successful runs only; we also indicate parenthetically what fraction of the problems were solved given the computational resource limitations. (WSAT and PDB successfully solved all instances.)


Variables    PDB    WSAT    TABLEAU
25            35      89    jRTo)
100          210     877    255 (1.0)
225          434    1626    504 (.98)
400          731    2737    856 (.70)
625          616    3121    502 (.65)

For the unsatisfiable instances, the results were:

Variables    PDB    TABLEAU
25           122    fJTo)
100          509    1779 (1.0)
225          988    5682 (.38)
400         1090    558 (.11)
625         1204    114 (.06)

The times required for PDB and WSAT appear to be growing comparably, although only PDB is able to solve the unsatisfiable instances. The eventual decrease in the average time needed by TABLEAU is because it is only managing to solve the easiest instances in each class. This causes TABLEAU to become almost completely ineffective in the unsatisfiable case and only partially effective in the satisfiable case. Even where it does succeed on large problems, TABLEAU's run time is greater than that of the other two methods.

Finally, we collected data on the time needed for each top-level call to simp in partial-order dynamic backtracking. As a function of the number of variables in the problem, this was:


Number of variables    PDB (msec)    WSAT (msec)
25                     3.9           0.5
100                    5.3           0.3
225                    6.7           0.6
400                    7.0           0.7
625                    8.4           1.4

All times were measured on a Sparc 10/40 running unoptimized Allegro Common Lisp. An efficient C implementation could expect to improve either method by approximately an order of magnitude. As mentioned in Section 5, the time per flip is growing sublinearly with the number of variables in question.

8  CONCLUSION  AND  FUTURE 
WORK 

Our aim in this paper has been to make a primarily theoretical contribution, describing a new class of constraint-satisfaction algorithms that appear to combine many of the advantages of previous systematic and nonsystematic approaches. Since our focus has been on a description of the algorithms, there is obviously much that remains to be done.

First, of course, the procedures must be tested on a variety of problems, both synthetic and naturally occurring; the results reported in Section 7 only scratch the surface. It is especially important that realistic problems be included in any experimental evaluation of these ideas, since these problems are likely to have performance profiles substantially different from those of randomly generated problems [3]. The experiments of the previous section need to be extended to include unit resolution, and we need to determine the frequency with which exponential space is needed in practice by the full Procedure 6.3.

Finally, we have left completely untouched the question of how the flexibility of Procedure 6.3 is to be exploited. Given a group of violated constraints, which should we pick to add to $\Gamma$? Which variable should be in the conclusion of the constraint? These choices correspond to choice of backtrack strategy in a more conventional setting, and it will be important to understand them in this setting as well.

A  Experimental  code 

Here is the code used to generate instances of the class of problems on which our ideas were tested. The two arguments to the procedure are the size $s$ of the variable grid and the number $c$ of clauses to be "centered" on any single variable.

For each grid variable $x$ we generated $\lfloor c \rfloor$ or $\lfloor c \rfloor + 1$ clauses at random subject to the constraint that the variables in each clause form a right triangle with horizontal and vertical sides of length 1 and where $x$ is the vertex opposite the hypotenuse. There are four such triangles for a given $x$. There are eight assignments of values to variables for each triangle giving 32 possible clauses. Variables at the edge of the grid usually generate fewer than $c$ clauses so the boundary of the grid is relatively unconstrained.

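;; Build the clause list for an s x s grid, centering c clauses on each cell.
(defun make-problem (s c &aux result xx yy)
  (dotimes (x s result)
    (dotimes (y s)
      ;; floor(c) clauses, plus one more with probability (rem c 1.0)
      (dotimes (i (+ (floor c)
                     (if (> (random 1.0)
                            (rem c 1.0))
                         0 1)))
        ;; pick one horizontal and one vertical neighbor at distance 1
        (setq xx (+ x -1 (* 2 (random 2)))
              yy (+ y -1 (* 2 (random 2))))
        ;; skip triangles that fall off the edge of the grid
        (when (and (< -1 xx s) (< -1 yy s))
          (push (new-clause x y xx yy s)
                result))))))

;; One clause over the cells (x,y), (xx,y), (x,yy), each with a random sign.
(defun new-clause (x y xx yy s)
  (mapcar
   #'(lambda (a b &aux (v (+ 1 (* s a) b)))
       (if (zerop (random 2)) v (- v)))
   (list x xx x) (list y y yy)))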
Abstract

We lay the foundations of a theory of constraint databases with indefinite information based on the relational model. We develop the scheme of indefinite $\mathcal{L}$-constraint databases where $\mathcal{L}$, the parameter, is a first-order constraint language. This scheme extends the proposal of Kanellakis, Kuper and Revesz to include indefinite information in the style of Imielinski and Lipski. We propose declarative and procedural query languages for the new scheme and study the semantics of query evaluation.


1  Introduction 

In this paper we lay the foundations of a theory of indefinite constraint databases based on the relational model [Mai83]. As a starting point of our investigation, we take the model of constraint databases proposed in [KKR90]. This model is useful for the representation of unrestricted (i.e., finite or infinite) definite information. However, indefinite information is also important in many applications e.g., planning and scheduling, medical expert systems, geographical information systems and natural language processing systems. Motivated by these practical considerations, we develop the model of indefinite constraint databases which allows the representation of definite, indefinite, finite and infinite information in a single unifying framework.

Our  contributions  to  the  theory  of  constraint  databases  can  be  summarized  as  follows: 

•  We develop the scheme of indefinite $\mathcal{L}$-constraint databases where $\mathcal{L}$, the parameter, is a first-order constraint language. This parameterized model extends the scheme of [KKR90] to include indefinite information in the style of [IL84, Gra89] (section 3).

•  We propose modal relational calculus with $\mathcal{L}$-constraints as a declarative query language for indefinite $\mathcal{L}$-constraint databases (section 4). We also propose a procedural query language: the modal $\mathcal{L}$-constraint algebra (section 5).

•  We show that expressions of modal relational calculus with $\mathcal{L}$-constraints can be evaluated bottom-up in closed form on indefinite $\mathcal{L}$-constraint databases. This is a direct consequence of the fact that every expression of modal relational calculus with $\mathcal{L}$-constraints has an equivalent expression in modal $\mathcal{L}$-constraint algebra (section 7). This result could be the first step in developing optimization techniques for $\mathcal{L}$-constraint databases and indefinite $\mathcal{L}$-constraint databases.

This paper is organized as follows. The next section presents some examples of constraint languages and defines the relevant abstract concepts. In section 3 we present the scheme of indefinite $\mathcal{L}$-constraint databases. In sections 4 and 5 we discuss the modal relational calculus with $\mathcal{L}$-constraints and the modal $\mathcal{L}$-constraint algebra. In section 6 we present several results concerning algebraic query evaluation in $\mathcal{L}$-constraint databases and indefinite $\mathcal{L}$-constraint databases. In section 7 we discuss the translation of expressions of modal relational calculus with $\mathcal{L}$-constraints into expressions of modal $\mathcal{L}$-constraint algebra. Finally, section 8 presents related work.

*This work was performed while the author was with the Computer Science Division, Dept. of Electrical and Computer Engineering, National Technical University of Athens, Greece.


2  Constraint  Languages 

In this paper we consider many-sorted languages, structures and theories [End72]. Every language $\mathcal{L}$ will be interpreted over a fixed structure, called the intended structure, which will usually be denoted by $M_{\mathcal{L}}$. If $M$ is a structure then $Th(M)$ will denote the theory of $M$ i.e., the set of sentences which are true in $M$. For every language $\mathcal{L}$, we will distinguish a class of quantifier free formulas called $\mathcal{L}$-constraints. The atomic formulas of $\mathcal{L}$ will be included in the class of $\mathcal{L}$-constraints. There will also be two distinguished $\mathcal{L}$-constraints true and false with obvious semantics. Similar assumptions have been made in [Mah93] in the context of the CLP scheme. A set of $\mathcal{L}$-constraints will be the algebraic counterpart of the logical conjunction of its members. Thus we will freely mix the terms "set of $\mathcal{L}$-constraints" and "conjunction of $\mathcal{L}$-constraints". We will assume that the reader is familiar with the notions of solution, consistency and equivalence of sets of constraints [Mah93].

Let  us  now  give  some  examples  of  constraint  languages. 

Example 2.1 The language ECL (Equality Constraint Language) with predicate symbols $=$, $\neq$ and an
infinite number of constants has been defined in [KKR90]. The intended structure for this language interprets
$=$ as equality, $\neq$ as non-equality and constants as “themselves”. An ECL-constraint is an ECL formula of
the form $x_i = x_j$ or $x_i \neq x_j$ where $x_i, x_j$ are variables or constants. ECL has been used by [KKR90] for
the development of an extended relational model based on ECL-constraints.

We  now  present  a  language  for  expressing  temporal  constraints. 

Example 2.2 The language dePCL (dense Point Constraint Language) allows us to make statements
about points in dense time. dePCL is a first-order language with equality and the following set of non-logical
symbols: the set of rational numerals, function symbol $-$ of arity 2 and predicate symbol $<$ of arity 2. The
terms and atomic formulas of dePCL are defined as follows. Constants and variables are terms. If $t_1$ and $t_2$
are variables or constants then $t_1 - t_2$ is a term. An atomic formula of dePCL is a formula of the form $t \sim c$
or $c \sim t$ where $\sim$ is $<$ or $=$ and $t$ is a term.

The intended structure for dePCL is Q. Q interprets each rational numeral by its corresponding rational
number, function symbol $-$ by the subtraction operation over the rationals and $<$ by the relation “less than”.
The theory $Th(Q)$ is a subtheory of real addition with order [Rab77].

A dePCL-constraint is a dePCL formula of the form $t \sim c$ where $t$ is a term, $c$ is a constant and $\sim$ is
$=$, $<$, $>$, $\leq$ or $\geq$. For example, the formulas $p_1 < p_2$, $p_3 - p_4 > 15$, $p_5 = 5/4$ are dePCL-constraints.

Example 2.3 Let us also consider the many-sorted language ECL+dePCL which is the union of ECL and
dePCL. The sorts of ECL+dePCL are V (for the infinite set of constants of ECL) and Q (for the rational
numerals of dePCL). The symbols of ECL+dePCL are interpreted by the many-sorted structure which is
the union of the intended structures for ECL and dePCL.

Let us now define the concept of variable elimination.¹

Definition 2.1 Let $\mathcal{L}$ be a many-sorted first-order language. The class of $\mathcal{L}$-constraints admits variable
elimination iff for every boolean combination of $\mathcal{L}$-constraints in variables $\bar{x}$, and every vector of variables
$\bar{z} \subseteq \bar{x}$, there exists a disjunction of conjunctions of $\mathcal{L}$-constraints in variables $\bar{x} \setminus \bar{z}$ such that

1. If is a solution of ^ then \ is a solution of

2. If x^ \ is a solution of then this solution can be extended to a solution x^ of

¹Notation: The vector of symbols $(o_1, \ldots, o_n)$ will be denoted by $\bar{o}$. The natural number $n$ will be called the size of $\bar{o}$ and
will be denoted by $|\bar{o}|$. This notation will be used for vectors of variables but also for vectors of domain elements. Variables
will be denoted by $x, y, z, t$ etc. and vectors of variables by $\bar{x}, \bar{y}, \bar{z}, \bar{t}$ etc. If $\bar{x}$ and $\bar{y}$ are vectors of variables then $\bar{x} \setminus \bar{y}$ will denote
the vector obtained from $\bar{x}$ by deleting the variables in $\bar{y}$. If $\bar{x}$ is a vector of variables then $\bar{x}^0$ will be a vector of constants of
the same size.

Some people might find the above definition overly strong. But requiring to be just a boolean combination
of $\mathcal{L}$-constraints would turn out to be unsatisfactory for the database models discussed in section 3. The
reason is very simple; when we eliminate variables, we would have to deal with negations of $\mathcal{L}$-constraints.
Similar arguments and definitions appear in [Stu91].

The  following  definition  will  be  useful  in  the  forthcoming  sections. 

Definition 2.2 Let $\mathcal{L}$ be a many-sorted first-order language. The class of $\mathcal{L}$-constraints is weakly closed
under negation if the negation of every $\mathcal{L}$-constraint is equivalent to a disjunction of $\mathcal{L}$-constraints.

In the rest of this paper we will only be interested in constraints which admit variable elimination and are
weakly closed under negation. Many interesting classes of constraints fall under this category. The following
proposition shows that this is also the case for the constraint classes defined in this section.

Proposition 2.1 The classes of ECL-constraints, dePCL-constraints and ECL+dePCL-constraints admit
variable elimination and are weakly closed under negation.


3  Indefinite  Constraint  Databases 

We will now extend the $\mathcal{L}$-constraint database model of [KKR90] to account for indefinite information in the
style of [IL84, Gra89]. For the rest of this section, let $\mathcal{L}$ be a many-sorted language and $M_{\mathcal{L}}$ be the intended
$\mathcal{L}$-structure. Let us also assume that the class of $\mathcal{L}$-constraints admits variable elimination and is weakly
closed under negation.

For each sort $s \in sorts(\mathcal{L})$, let $U_s$ be a countably infinite set of attributes of sort $s$. The set of all
attributes, denoted by $U$, is attribute $A$ will be denoted by $sort(A)$. With each
$A \in U$ we associate a set of values $dom(A) = dom(s, M_{\mathcal{L}})$ called the domain of $A$.² A relation scheme $R$ is
a finite subset of $U$.

We will first define $M_{\mathcal{L}}$-relations which are unrestricted (i.e., finite or infinite) standard relations.
$M_{\mathcal{L}}$-relations are a theoretical device for giving semantics to indefinite $\mathcal{L}$-constraint relations.

Definition 3.1 Let $R$ be a relation scheme. An $M_{\mathcal{L}}$-relational tuple $t$ over scheme $R$ is a mapping from

such that $t(A) \in dom(sort(A), M_{\mathcal{L}})$. An $M_{\mathcal{L}}$-relation $r$ over scheme $R$ is an
unrestricted set of $M_{\mathcal{L}}$-relational tuples over $R$.

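For every $s \in sorts(\mathcal{L})$, we now assume the existence of two disjoint countably infinite sets of variables:
the set of u-variables $UVAR^{s}_{\mathcal{L}}$ and the set of e-variables $EVAR^{s}_{\mathcal{L}}$. Let $UVAR_{\mathcal{L}}$ and $EVAR_{\mathcal{L}}$ denote
$\bigcup_{s \in sorts(\mathcal{L})} UVAR^{s}_{\mathcal{L}}$ and $\bigcup_{s \in sorts(\mathcal{L})} EVAR^{s}_{\mathcal{L}}$ respectively. The intersection of the sets $UVAR_{\mathcal{L}}$ and $EVAR_{\mathcal{L}}$
with the domains of attributes is empty.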

Notation 3.1 U-variables will be denoted by letters of the English alphabet, usually $x, y, z, t$, possibly
subscripted. E-variables will be denoted by letters of the Greek alphabet, usually $\omega, \lambda, \zeta, \nu$, possibly subscripted.

Definition 3.2 Let $R$ be a relation scheme. An indefinite $\mathcal{L}$-constraint tuple $t$ over scheme $R$ is a mapping
from $R \cup \{CON\}$ to $UVAR_{\mathcal{L}} \cup WFF(\mathcal{L})$ such that (i) $t(A) \in UVAR^{sort(A)}_{\mathcal{L}}$ for each $A \in R$, (ii) $t(A_i)$ is
different than $t(A_j)$ for all distinct $A_i, A_j \in R$, (iii) $t(CON)$ is a conjunction of $\mathcal{L}$-constraints and (iv) the
free variables of $t(CON)$ are included in $\{t(A) : A \in R\} \cup EVAR_{\mathcal{L}}$. $t(CON)$ is called the local condition of
the tuple $t$ while $t(R)$ is called the proper part of $t$.

Definition 3.3 Let $R$ be a relation scheme. An indefinite $\mathcal{L}$-constraint relation over scheme $R$ is a finite set
of indefinite $\mathcal{L}$-constraint tuples over $R$. Each indefinite $\mathcal{L}$-constraint relation $r$ is associated with a boolean
combination of $\mathcal{L}$-constraints $G(r)$, called the global condition of $r$.

²If $s$ is a sort and $M$ is a structure then $dom(s, M)$ denotes the domain of $s$ in structure $M$.

Similarly we can define database schemes, $M_{\mathcal{L}}$-relational databases and indefinite $\mathcal{L}$-constraint databases
[Kou94a]. Database schemes and databases will usually be denoted by $\bar{R}$ and $\bar{r}$ respectively.

The above definitions extend the model of [KKR90] by introducing e-variables which have the semantics
of marked nulls of [IL84]. As in [Gra89], the possible values of the e-variables can be constrained by a global
condition.

Example 3.1 BOOKED is an indefinite ECL+dePCL-constraint relation giving the times that rooms are
booked. The first tuple says that room WP212 is booked from 1:00 to 7:00. For room WP219 the information
is indefinite: it is booked from 1:00 until some time between 5:00 and 8:00. This indefinite information is
captured by the e-variable $\omega$ and its global condition $5 < \omega < 8$. E-variables can be understood as being
existentially quantified and their scope is the entire database. They represent values that exist but are
not known precisely [IL84, Gra89]. All we know about these values is captured by the global condition.
U-variables (e.g., $x_1, x_2, t_1, t_2$) can be understood as being universally quantified and their scope is the tuple
in which they appear [KKR90].


BOOKED

Room    Time    CON
$x_1$   $t_1$   $x_1 = WP212$, $1 < t_1 < 7$
$x_2$   $t_2$   $x_2 = WP219$, $1 < t_2 < \omega$

G(BOOKED): $5 < \omega < 8$


3.1  Semantics 

Let us first define two special kinds of valuations. An e-valuation in $M_{\mathcal{L}}$ is a valuation whose domain is
restricted to the set $EVAR_{\mathcal{L}}$. Similarly, a u-valuation in $M_{\mathcal{L}}$ is a valuation whose domain is restricted to the
set $UVAR_{\mathcal{L}}$. The symbols $Val^{e}_{M_{\mathcal{L}}}$ and $Val^{u}_{M_{\mathcal{L}}}$ will denote the set of e-valuations and u-valuations in $M_{\mathcal{L}}$
respectively. The result of applying an e-valuation $v$ to an indefinite $\mathcal{L}$-constraint relation $r$ over $R$ will be
denoted by $v(r)$. $v(r)$ is an $\mathcal{L}$-constraint relation over $R$ obtained from $r$ by substituting each e-variable $\omega$
of $r$ by the constant symbol whose denotation in structure $M_{\mathcal{L}}$ is $v(\omega)$. The result of applying a u-valuation
of $M_{\mathcal{L}}$ to the proper part of a tuple can be defined as follows. If $t$ is an $\mathcal{L}$-constraint tuple on scheme $R$ and
$u$ is a u-valuation in $M_{\mathcal{L}}$ then $u(t)$ is an $M_{\mathcal{L}}$-tuple over $R$ such that for each $A \in R$, $u(t)(A) = u(t(A))$.

The semantics of an $\mathcal{L}$-constraint relation is given by the function points [KKR90]. points takes as
argument an $\mathcal{L}$-constraint relation $r$ over $R$ and returns the $M_{\mathcal{L}}$-relation over $R$ which is finitely represented
by $r$:

$points(r) = \{u(t) : t \in r,\ u \in Val^{u}_{M_{\mathcal{L}}} \text{ and } M_{\mathcal{L}} \models t(CON)[u]\}$.

The semantics of an indefinite $\mathcal{L}$-constraint relation $r$ over scheme $R$ is defined to be the following set of
$M_{\mathcal{L}}$-relations:

sem(r) = {points(v(r)) : there exists v ∈

The function rep will also be useful in the rest of this paper. If $r$ is an indefinite $\mathcal{L}$-constraint relation
over scheme $R$ then rep gives the set of $\mathcal{L}$-constraint relations represented by $r$:

$rep(r) = \{v(r) : \text{there exists } v \in Val^{e}_{M_{\mathcal{L}}} \text{ s.t. } M_{\mathcal{L}} \models G(r)[v]\}$

The functions points, sem and rep can be extended to databases in the obvious way.³

³The above definitions imply that indefinite $\mathcal{L}$-constraint relations are interpreted in a closed-world fashion. They are
assumed to represent all facts relevant to an application domain. However the exact value of any attribute of these facts may
not be known precisely.

4 Declarative Query Languages

[KKR90] proposed relational calculus with $\mathcal{L}$-constraints as a declarative query language for $\mathcal{L}$-constraint
databases. In this section we propose modal relational calculus with $\mathcal{L}$-constraints as a declarative query
language for indefinite $\mathcal{L}$-constraint databases. Similar query languages have been investigated in [Lip79,
Lev84, Rei88].

Definition 4.1 Let $\bar{R}$ be a database scheme and $R(C_1, \ldots, C_m)$ be a relation scheme. An expression over
$\bar{R}$ in modal relational calculus with $\mathcal{L}$-constraints is $\{R(C_1, \ldots, C_m), x_1/s_1, \ldots, x_m/s_m : OP\ \phi(x_1, \ldots, x_m)\}$
where $s_i \in sorts(\mathcal{L})$ is the sort of $C_i$, $OP$ is an optional modal operator $\Box$ or $\Diamond$, $\phi$ is a well-formed formula
of relational calculus with $\mathcal{L}$-constraints and $x_1, \ldots, x_m$ are the only free variables of $\phi$. If an expression
does not contain a modal operator then it will be called pure, otherwise it will be called modal.

Let  us  now  define  the  value  of  expressions  in  modal  relational  calculus. 

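Definition 4.2 Let $f$ be the pure expression $\{R(C_1, \ldots, C_m), x_1/s_1, \ldots, x_m/s_m : \phi(x_1, \ldots, x_m)\}$ over $\bar{R}$
in modal relational calculus with $\mathcal{L}$-constraints. If $\bar{r}$ is an indefinite $\mathcal{L}$-constraint database over $\bar{R}$ then the
value of $f$ on input database $\bar{r}$, denoted by $f(\bar{r})$, is the following set of $M_{\mathcal{L}}$-relations:

$\{\ \{(a_1, \ldots, a_m) \in dom(s_1) \times \cdots \times dom(s_m) : (M_{\mathcal{L}}, Dom, \bar{r}') \models \phi(a_1, \ldots, a_m)\} : \bar{r}' \in sem(\bar{r})\ \}$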

The above definition is somewhat problematic. The value of a pure expression over an indefinite $\mathcal{L}$-constraint
database is defined to be an unrestricted set whose elements are unrestricted sets of tuples! Can we guarantee
closure as required by the constraint query language principles laid out in [KKR90]? In other words, given
a pure expression $f$ of modal relational calculus with $\mathcal{L}$-constraints, and an indefinite $\mathcal{L}$-constraint database
$\bar{r}$, is it possible to find an indefinite $\mathcal{L}$-constraint relation which finitely represents $f(\bar{r})$? In section 7, we
show that this closure property can indeed be guaranteed.

Example 4.1 The query “Find all rooms that are booked at 6:00” over the database of example 3.1 can be
expressed as $\{BOOKED\_AT\_6(Room), x/V : BOOKED(x, 6)\}$. If this query is evaluated using the method
of section 7, the answer will be the following relation:


BOOKED_AT_6

Room    CON
$x_1$   $x_1 = WP212$
$x_2$   $x_2 = WP219$, $\omega > 6$

This answer is conditional. Room WP212 is booked on time 6. However, room WP219 is booked on time 6
only under the condition that $\omega$ is greater than 6.

Definition 4.3 Let $f$ be the modal expression $\{R(C_1, \ldots, C_m), x_1/s_1, \ldots, x_m/s_m : \Box\ \phi(x_1, \ldots, x_m)\}$ over
$\bar{R}$ in modal relational calculus with $\mathcal{L}$-constraints. If $\bar{r}$ is an indefinite $\mathcal{L}$-constraint database over $\bar{R}$ then
the value of $f$ on input database $\bar{r}$, denoted by $f(\bar{r})$, is the following set containing a single $M_{\mathcal{L}}$-relation:

$\{\ \{(a_1, \ldots, a_m) \in dom(s_1) \times \cdots \times dom(s_m) : \text{for every } M_{\mathcal{L}}\text{-relational database } \bar{r}' \in sem(\bar{r}),\ (M_{\mathcal{L}}, Dom, \bar{r}') \models \phi(a_1, \ldots, a_m)\}\ \}$

The value of a $\Diamond$-expression is defined in the same way but now the quantification over $M_{\mathcal{L}}$-relational
databases in $sem(\bar{r})$ is existential. Section 7 demonstrates that expressions of modal relational calculus with
$\mathcal{L}$-constraints can also be evaluated bottom-up in closed form. In summary, for every expression $f$ (pure or
modal) in modal relational calculus with $\mathcal{L}$-constraints and indefinite $\mathcal{L}$-constraint database $\bar{r}$, it is possible
to find an indefinite $\mathcal{L}$-constraint relation which finitely represents $f(\bar{r})$.

Example 4.2 The query “Find all rooms that are possibly booked at 6:00” over the database of example 3.1
can be expressed as $\{POSS\_BOOKED\_AT\_6(Room), x/V : \Diamond BOOKED(x, 6)\}$. If this query is evaluated
using the method of section 7, the answer will be the following relation:

POSS_BOOKED_AT_6

Room    CON
$x_1$   $x_1 = WP212$
$x_2$   $x_2 = WP219$

The above answer is unconditional. It is possible that both rooms WP212 and WP219 are booked on time 6.


The next lemma demonstrates an intuitive property of modal relational calculus with $\mathcal{L}$-constraints. If
$S$ is a set of sets then $\bigcap S$ (resp. $\bigcup S$) denotes the set $\{\bigcap_{s \in S} s\}$ (resp. $\{\bigcup_{s \in S} s\}$).

Lemma 4.1 Let $f$ be a $\Box$-expression (resp. $\Diamond$-expression) over $\bar{R}$ in modal relational calculus with
$\mathcal{L}$-constraints. Let be the pure expression which corresponds to $f$. Then for all indefinite $\mathcal{L}$-constraint
databases $\bar{r}$ over $\bar{R}$, $f(\bar{r}) = \bigcap f(\bar{r})$ (resp. $f(\bar{r}) = \bigcup f(\bar{r})$).

5  Procedural  Query  Languages 

In this section, we briefly sketch three procedural query languages, one for each of the models discussed
in section 3: the $M_{\mathcal{L}}$-relational algebra, the $\mathcal{L}$-constraint algebra and the modal $\mathcal{L}$-constraint algebra. The
$M_{\mathcal{L}}$-relational algebra is a procedural query language for $M_{\mathcal{L}}$-relational databases. It is interesting only
from a theoretical point of view because $M_{\mathcal{L}}$-relations are unrestricted. The operations of $M_{\mathcal{L}}$-relational
algebra can be defined verbatim as in the case of finite relations [Kan90].

The operations of the $\mathcal{L}$-constraint algebra are extensions of similar operations of standard relational
algebra [Kan90]. The $\mathcal{L}$-constraint algebra has not been presented in [KKR90] where the model of
$\mathcal{L}$-constraint databases was originally defined. However it can be easily developed given the algebraic languages
defined for the models of [KSW90, Kou93]; these models are essentially instances of the scheme of $\mathcal{L}$-constraint
databases. Detailed definitions can be found in [Kou94a].

The operations of the modal $\mathcal{L}$-constraint algebra take as input one (or two) indefinite $\mathcal{L}$-constraint
relations associated with a common global condition and return an indefinite $\mathcal{L}$-constraint relation associated
with the same global condition. The modal $\mathcal{L}$-constraint algebra contains an operation for every $\mathcal{L}$-constraint
algebra operation. The definitions of these operations were originally given in [Kou93] for the special case
of indefinite dePCL-constraint relations.⁴ These operations treat e-variables as uninterpreted parameters
thus they are defined exactly as the $\mathcal{L}$-constraint algebra operations. Similar operations were defined in
[IL84, Gra89] for the special case of conditional tables.

The modal algebra also includes two additional operations POSS and CERT, which take a more active
stand towards e-variables. Given an indefinite $\mathcal{L}$-constraint relation $r$, the expression $POSS(r)$ evaluates to
an $\mathcal{L}$-constraint relation which finitely represents the set of all tuples contained in any relation of $sem(r)$.
The expression $CERT(r)$ evaluates to an $\mathcal{L}$-constraint relation which finitely represents the set of all tuples
contained in every relation of $sem(r)$.

Possibility. Let $r$ be an indefinite $\mathcal{L}$-constraint relation on scheme $R$. Then $POSS(r)$ is an $\mathcal{L}$-constraint
relation defined as follows:

1. $sch(POSS(r)) = sch(r)$

2. $POSS(r) = \{poss(t) : t \in r\}$.

For each tuple $t$ on scheme $R$, $poss(t)$ is a tuple on scheme $R$ such that $poss(t)(R) = t(R)$ and $poss(t)(CON) = \phi$
where $\phi$ is obtained by eliminating all e-variables from the boolean combination of $\mathcal{L}$-constraints $G(r) \wedge
t(CON)$. The expression $poss(t)(CON)$ is well-defined since the class of $\mathcal{L}$-constraints admits variable
elimination.

Certainty. Let $r$ be an indefinite $\mathcal{L}$-constraint relation on scheme $R$. Then $CERT(r)$ is an $\mathcal{L}$-constraint
relation defined as follows:

1. $sch(CERT(r)) = sch(r)$

2. CERT(r) = {cert(t) : t ∈ rl}t.

For each tuple $t$ on scheme $R$, $cert(t)$ is a tuple on scheme $R$ such that $cert(t)(R) = t(R)$ and $cert(t)(CON) =
\neg\phi$ where $\phi$ is obtained by eliminating all e-variables from the boolean combination of $\mathcal{L}$-constraints $G(r) \wedge
\neg t(CON)$. The expression $cert(t)(CON)$ is well-defined since the class of $\mathcal{L}$-constraints admits variable
elimination.

⁴[Kou93] uses the term temporal tables for indefinite dePCL-constraint relations.

The operation has the effect of denormalizing $\mathcal{L}$-constraint relation $r$. This is achieved by collecting all
tuples $\{t_1, \ldots, t_{|r|}\}$ of $r$ into a single tuple $t'$ on scheme $R$ such that $t'(R) = (x_1, \ldots, x_{|R|})$ and $t'(CON) =
t_1(CON) \vee \cdots \vee t_{|r|}(CON)$. In the new tuple $t'$ u-variables have been standardized apart; $x_1, \ldots, x_{|R|}$
are brand new u-variables, and for $1 \leq i \leq |r|$, $t_i(CON)$ is the same as $t_i(CON)$ except that $t(X)$ has been
substituted by $t'(X)$ for each $X \in R$.

The operation has the effect of normalizing the local conditions of a relation $r$ in order to obtain a
true $\mathcal{L}$-constraint relation. This is done by the following three steps:

• Application of De Morgan’s laws to transform the negated parts of each local condition of $r$ into
a disjunction whose disjuncts are $\mathcal{L}$-constraints. This operation is well-defined since the class of
$\mathcal{L}$-constraints is weakly closed under negation.

• Application of the law of associativity of conjunction with respect to disjunction to transform each
local condition of $r$ into a disjunction of conjunctions of $\mathcal{L}$-constraints.

• Splitting of disjuncts into different tuples.

Let us now define modal $\mathcal{L}$-constraint algebra expressions.

Definition 5.1 A pure expression over scheme $\bar{R}$ in modal $\mathcal{L}$-constraint algebra is any well-formed expression
built from constant $\mathcal{L}$-constraint relations, relation schemes from $\bar{R}$ and the above operators excluding POSS
and CERT. A modal $\mathcal{L}$-constraint algebra expression is a pure expression, or an expression of the form
$CERT(g)$ or $POSS(g)$ where $g$ is a pure expression. Expressions of the form $CERT(g)$ or $POSS(g)$ are
called CERT-expressions or POSS-expressions respectively.

Modal $\mathcal{L}$-constraint algebra expressions define functions from indefinite $\mathcal{L}$-constraint databases to
indefinite $\mathcal{L}$-constraint relations. The result of applying an expression $e$ to an indefinite $\mathcal{L}$-constraint database
$\bar{r}$ is defined as for the $\mathcal{L}$-constraint algebra. Let us simply stress that $G(e(\bar{r})) = G(\bar{r})$ for all indefinite
$\mathcal{L}$-constraint databases $\bar{r}$ and expressions $e$ over $\bar{R}$.

The  following  lemma  gives  an  intuitive  property  of  POSS  and  CERT. 

Lemma 5.1 Let $e$ be a pure expression over scheme $\bar{R}$ in modal $\mathcal{L}$-constraint algebra. Then for all indefinite
$\mathcal{L}$-constraint databases $\bar{r}$ over $\bar{R}$

$sem(CERT(e(\bar{r}))) = \bigcap sem(e(\bar{r}))$ and $sem(POSS(e(\bar{r}))) = \bigcup sem(e(\bar{r}))$.

6  On  the  Semantics  of  Algebraic  Query  Evaluation 

Let $\bar{r}$ be an $\mathcal{L}$-constraint database, $e$ an $\mathcal{L}$-constraint algebra expression and $e_1$ its corresponding
$M_{\mathcal{L}}$-relational algebra expression. Recall that an $\mathcal{L}$-constraint relation $r$ is a finite representation of the
unrestricted set of tuples $points(r)$. The following theorem shows that the operations of $\mathcal{L}$-constraint algebra
“behave” according to our intuitions: when we evaluate $e$ on $\bar{r}$, we essentially evaluate $e_1$ on the unrestricted
relation $points(\bar{r})$.

Theorem 6.1 Let $e$ be an $\mathcal{L}$-constraint algebra expression over $\bar{R}$ and $e_1$ be its corresponding $M_{\mathcal{L}}$-relational
algebra expression. If $\bar{r}$ is an $\mathcal{L}$-constraint database over scheme $\bar{R}$, then $points(e(\bar{r})) = e_1(points(\bar{r}))$.

Let us now assume that $\bar{r}$ is an indefinite $\mathcal{L}$-constraint database, $e$ is a pure expression of modal
$\mathcal{L}$-constraint algebra and $e_1$ is its corresponding expression in $\mathcal{L}$-constraint algebra. Recall that the semantic
function $sem(\bar{r})$ returns all the “possible worlds” represented by $\bar{r}$. When we evaluate $e$ on indefinite
$\mathcal{L}$-constraint database $\bar{r}$ using the operations defined above, we essentially evaluate the corresponding
$M_{\mathcal{L}}$-relational algebra expression on each possible world in $sem(\bar{r})$. As discussed in [Imi89], an extension of
an $M_{\mathcal{L}}$-relational algebra expression $e_1$ to an expression $e$ for an $\mathcal{L}$-constraint representation of indefinite
information can claim to be “faithful to the underlying semantics” if and only if for every indefinite
$\mathcal{L}$-constraint database $\bar{r}$,

$sem(e(\bar{r})) = e_1(sem(\bar{r})) = \{e_1(\bar{r}_1) : \bar{r}_1 \in sem(\bar{r})\}$.

Equivalently, one would like to guarantee that there is always an indefinite $\mathcal{L}$-constraint database $\bar{r}'$ such
that $sem(\bar{r}') = e_1(sem(\bar{r}))$. The following theorem demonstrates that $\mathcal{L}$-constraint databases satisfy this
form of algebraic closure.

Theorem 6.2 Let $e$ be a pure expression of modal $\mathcal{L}$-constraint algebra over $\bar{R}$, $e_1$ its corresponding
$\mathcal{L}$-constraint algebra expression and $e_2$ its corresponding $M_{\mathcal{L}}$-relational algebra expression. If $\bar{r}$ is an indefinite
$\mathcal{L}$-constraint database over scheme $\bar{R}$ then $rep(e(\bar{r}))$ is equivalent to $e_1(rep(\bar{r}))$ and $sem(e(\bar{r})) = e_2(sem(\bar{r}))$.

The above theorems are summarized graphically in the commutative diagram of figure 1 where $M_{\mathcal{L}}$-RDB
denotes the set of all $M_{\mathcal{L}}$-relational databases, $\mathcal{L}$-CDB denotes the set of all $\mathcal{L}$-constraint databases and
$\mathcal{L}$-ICDB denotes the set of all indefinite $\mathcal{L}$-constraint databases. Since the above results have been proved
in our general framework, special cases of constraint databases [KKR90, KSW90, Kou93] can simply refer
to these theorems to demonstrate the “correctness” of the operations of their algebraic query languages.

7 Translating Calculus Expressions into Algebraic Expressions

In this section we show that expressions of modal relational calculus with $\mathcal{L}$-constraints have equivalent
expressions in modal $\mathcal{L}$-constraint algebra. Thus we can evaluate a calculus expression by evaluating an
equivalent algebraic expression. As we have seen in section 5, algebraic query evaluation can be done
bottom-up and the answer is obtained in closed form. Therefore calculus expressions can also be evaluated
bottom-up in closed form on indefinite $\mathcal{L}$-constraint databases. [Kou94^ gives an alternative proof of this
result by employing quantifier elimination techniques as suggested in [KKR90].

We start by considering the simpler case of $\mathcal{L}$-constraint databases. [KKR90] has showed that, for several
languages $\mathcal{L}$, expressions of relational calculus with $\mathcal{L}$-constraints can be evaluated bottom-up in closed form
on $\mathcal{L}$-constraint databases. The following theorem generalizes this result in the abstract setting of this paper.

Theorem 7.1 For every expression $f$ over $\bar{R}$ in relational calculus with $\mathcal{L}$-constraints there exists an
$\mathcal{L}$-constraint algebra expression $e$ over $\bar{R}$ such that the following property holds. If $\bar{r}$ is an $\mathcal{L}$-constraint database
over $\bar{R}$ then $f(\bar{r}) = points(e(\bar{r}))$.

Let us note here that the analogous proofs of [KKR90] rely on quantifier elimination methods which
achieve good data complexity lower bounds but do not seem to have practical implementations. In contrast,
the above theorem provides a translation of calculus expressions into algebraic expressions. We believe that
this translation can be the first step in optimising the evaluation of expressions in relational calculus with
$\mathcal{L}$-constraints.

Let us now turn to modal relational calculus with $\mathcal{L}$-constraints and modal $\mathcal{L}$-constraint algebra.

Lemma 7.1 Let $e$ be a pure expression over $\bar{R}$ in modal $\mathcal{L}$-constraint algebra and $e'$ be its corresponding
$\mathcal{L}$-constraint algebra expression. Then $sem(e(\bar{r})) = \{points(e'(\bar{r}')) : \bar{r}' \in rep(\bar{r})\}$ for all indefinite $\mathcal{L}$-constraint
databases $\bar{r}$ over $\bar{R}$.

The following theorem demonstrates that pure expressions of modal relational calculus with $\mathcal{L}$-constraints
over indefinite $\mathcal{L}$-constraint databases can also be evaluated bottom-up in closed form.

Theorem 7.2 For every pure expression $f$ over $\bar{R}$ in relational calculus with $\mathcal{L}$-constraints there exists a
pure expression $e$ over $\bar{R}$ in modal $\mathcal{L}$-constraint algebra such that the following property holds. If $\bar{r}$ is an
indefinite $\mathcal{L}$-constraint database over $\bar{R}$ then $f(\bar{r}) = sem(e(\bar{r}))$.

Example 7.1 The algebraic expression equivalent to the calculus expression of example 4.1 is

$\pi_{Room}(\sigma_{Time=6}(BOOKED))$.

Finally  we  turn  to  modal  expressions. 

Theorem 7.3 Let $f$ be a $\Box$-expression (resp. $\Diamond$-expression) over $\bar{R}$ in modal relational calculus with
$\mathcal{L}$-constraints. Then there exists a CERT-expression (resp. POSS-expression) $e$ over $\bar{R}$ in modal $\mathcal{L}$-constraint
algebra such that the following property holds. If $\bar{r}$ is an indefinite $\mathcal{L}$-constraint database over $\bar{R}$ then
$f(\bar{r}) = sem(e(\bar{r}))$.

Example 7.2 The algebraic expression equivalent to the calculus expression of example 4.2 is

$POSS(\pi_{Room}(\sigma_{Time=6}(BOOKED)))$.
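The evaluation described in Examples 4.1, 4.2 and 7.2 and in the definitions of POSS and CERT can be traced on BOOKED with the following Python code, which is an added example and not code from the paper. It assumes Fourier-Motzkin elimination as the variable-elimination procedure for conjunctions of dePCL-constraints and one tuple per room (so the denormalization step of CERT is not needed); the function names and the encoding of constraints as difference atoms are choices made for this example, and the room is kept as a plain value rather than an ECL-constraint.

```python
from fractions import Fraction
from itertools import product

ZERO = "0"  # pseudo-variable standing for 0, so "x < k" is stored as x - ZERO < k

def c(x, op, k, y=ZERO):
    """Atoms for the dePCL constraint  x - y op k.
    An atom (x, y, k, strict) means x - y < k if strict, else x - y <= k."""
    k = Fraction(k)
    return {"<": [(x, y, k, True)], "<=": [(x, y, k, False)],
            ">": [(y, x, -k, True)], ">=": [(y, x, -k, False)],
            "=": [(x, y, k, False), (y, x, -k, False)]}[op]

def negate(atom):
    """Weak closure under negation: not(x - y < k) is y - x <= -k, and dually."""
    x, y, k, strict = atom
    return (y, x, -k, not strict)

def eliminate(conj, var):
    """A conjunction equivalent to 'exists var. conj' (one Fourier-Motzkin step).
    Exact for dePCL because the rationals are a dense order."""
    upper = [a for a in conj if a[0] == var and a[1] != var]   # var - y < k1
    lower = [a for a in conj if a[1] == var and a[0] != var]   # x - var < k2
    ground = [(ZERO, ZERO, a[2], a[3]) for a in conj if a[0] == var == a[1]]
    out = [a for a in conj if var not in a[:2]] + ground
    for (_, y, k1, s1), (x, _, k2, s2) in product(upper, lower):
        out.append((x, y, k1 + k2, s1 or s2))                 # x - y < k1 + k2
    return out

def satisfiable(conj):
    """Eliminate every variable, then check the remaining ground atoms 0 < k."""
    for v in {term for a in conj for term in a[:2]} - {ZERO}:
        conj = eliminate(conj, v)
    return all((0 < k) if strict else (0 <= k) for _, _, k, strict in conj)

# Constructed encoding of BOOKED from Example 3.1; "w" plays the role of the e-variable.
G = c("w", ">", 5) + c("w", "<", 8)                          # global condition 5 < w < 8
BOOKED = [("WP212", c("t", ">", 1) + c("t", "<", 7)),        # 1 < t < 7
          ("WP219", c("t", ">", 1) + c("t", "<", 0, "w"))]   # 1 < t < w

def select_time(rel, k):
    """pi_Room(sigma_{Time=k}(rel)): add t = k and eliminate the u-variable t,
    leaving a local condition over e-variables only (Example 4.1)."""
    return [(room, eliminate(con + c("t", "=", k), "t")) for room, con in rel]

def possible(rel, glob, k):
    """POSS: keep a room iff 'exists w. glob AND cond' holds."""
    return {room for room, cond in select_time(rel, k) if satisfiable(glob + cond)}

def certain(rel, glob, k):
    """CERT: keep a room iff 'glob AND NOT cond' has no solution. NOT cond is the
    disjunction of the negated atoms, so each disjunct is tested on its own."""
    return {room for room, cond in select_time(rel, k)
            if all(not satisfiable(glob + [negate(a)]) for a in cond)}

def booked_in_world(rel, w, k):
    """One possible world: fix the e-variable to w and read off the rooms booked at k."""
    fix = c("t", "=", k) + c("w", "=", w)
    return {room for room, con in rel if satisfiable(con + fix)}

if __name__ == "__main__":
    print("possibly booked at 6:", sorted(possible(BOOKED, G, 6)))
    print("certainly booked at 6:", sorted(certain(BOOKED, G, 6)))
```

The finite sample of worlds used to cross-check the result can only illustrate sem(BOOKED), which contains one relation for every rational value of the e-variable allowed by the global condition.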


8  Related  Work 

The results of this study are extended in [Kou94b, Kou94a] where we concentrate on temporal constraint
databases (with or without indefinite information). In particular, we study the complexity of query evaluation
in $\mathcal{L}$-constraint databases and indefinite $\mathcal{L}$-constraint databases where $\mathcal{L}$ ranges over several temporal
constraint languages (including dePCL). Our analysis shows that the worst-case data/combined complexity
of query evaluation does not change when we move from queries in relational calculus over relational
databases, to queries in relational calculus with temporal constraints over temporal constraint databases.
This fact remains true even if we consider indefinite relational databases vs. indefinite temporal constraint
databases. Unfortunately, the presence of indefinite information makes query evaluation intractable in many
cases. Our analysis complements the results of [Rev90, CM93] and extends the results of [KKR90, vdM92].

Abstract

This paper provides a framework for solving general constraint satisfaction problems (CSPs)
with continuous variables. Constraints are represented by a hierarchical binary decomposition of
the space of feasible values. We propose algorithms for path- and higher degrees of consistency
based on logical operations defined on the constraint representation mentioned above and we
demonstrate that these algorithms terminate in polynomial time. We show that, in analogy to
convex temporal problems and discrete row-convex problems, convexity properties of the solution
spaces can be exploited to compute minimal and decomposable networks using path consistency
algorithms. Based on these properties, we also show that a certain class of non-binary CSPs can
be solved using strong 5-consistency.

1  Introduction 

In the general case, constraint satisfaction problems (CSPs) are NP-complete. Trying to solve
them by search algorithms, even if theoretically feasible, often results in prohibitive computational
cost. One approach to overcome this complexity consists of pre-processing the initial problem
using propagation algorithms. These algorithms establish various degrees of local consistency
which narrow the initial feasible domain of the variables, thus reducing the subsequent search
effort. Traditional consistency techniques and propagation algorithms (such as the Waltz
propagation algorithm) provide relatively poor results when applied to continuous CSPs: they
ensure neither completeness nor convergence in the general case (a good insight into the problems
encountered can be found in [1]). However, Faltings [5] has shown that some undesirable features
of propagation algorithms with interval labels must be attributed to the inadequacy of the
propagation rule and to a lack of precision in the solution space description. He has also
demonstrated that the problem with local propagation could be resolved by using total constraints
on pairs of variables. Lhomme [11] has identified similar problems and proposed an interval
propagation formalism based on bound propagation.

Van Beek's work on temporal reasoning [15] using Helly's theorem has shown the importance
of path-consistency for achieving globally consistent labellings. In certain cases, path-consistency
algorithms are difficult to implement in continuous domains because they require intersection
and composition operations on constraints. We propose a constraint representation by recursive
decomposition, similar to the one described by Tanimoto in [14], which allows these operations
to be implemented. This allows us to apply Helly's theorem to general continuous constraint
satisfaction problems. The results obtained for temporal CSPs could therefore be generalized to
less specific classes of continuous CSPs.

*A version of this paper will be published in ECAI'94

Figure 1: Figure (a) illustrates a binary relation given intensionally by the two inequalities
y > (x - 5)^2 and y < 4 - (x - 6)^2. It determines the region r_xy, and is both y- and x-convex:
the projection of r_xy over the x and y axes yields single bounded intervals (resp. I_x
and I_y). In Figure (b), the relation R_xy is given intensionally by the constraints y > 1/(x - 5)^2
and y < 4 - (x - 6)^2. In this last case, the relation is only y-convex since its projection over the
x axis yields two distinct intervals I_x1 and I_x2.

In the following, a continuous CSP (CCSP), P = (V, D, R), is defined as a set V of variables
x1, x2, ..., xn, taking their values respectively in a set D of continuous domains D1, D2, ..., Dn
and constrained by a set of relations R1, ..., Rn. A domain is an interval of ℜ. A relation is
defined intensionally by a set of algebraic equalities and inequalities (see Figure 1). A relation
Rij is a total constraint: it takes into account the whole set of algebraic constraints involving
the variables i and j. Each variable has a label defining the set of possible consistent values.
The  label  X,  of  a  variable  x  is  represented  as  a  set  of  intervals  {7,,i  s  [x^j^,!  •  •  i],  ■ . 

2  Constraint  and  Label  Representation 

Constraints on continuous variables are most naturally represented by algebraic or transcendental
equations and inequalities. However, as Faltings [5] has shown, this leads to incomplete local
propagation when there are several simultaneous constraints between the same variables. More
importantly, making a network path-consistent requires computing the intersection and union
of constraints, operations which cannot be performed on (in)equalities. It is therefore necessary
to explicitly represent and manipulate the sets of feasible value combinations.

Providing each variable with an interval label implicitly represents feasible regions by
enclosing rectangles or hypercubes. As shown in Figure 2, this is not powerful enough for region
intersection operations. To define a more precise and yet efficient representation, we observe
that most applications satisfy the following two assumptions:

• each variable takes its values in a bounded domain (bounded interval)

• there often exists a maximum precision with which results can be used.

Provided that these two assumptions are verified, a relation can be approximated by
carrying out a hierarchical binary decomposition of its solution space into 2^k-trees (quadtrees
for binary relations, octrees for ternary ones, etc.) (see Figure 3).

Figure 2: The enclosing rectangle of an intersection of regions R1 and R2 is in general different
from the intersection of the enclosing rectangles of R1 and R2.

A similar representation has recently been proposed by Tanimoto for representing spatial
constraints [14]. When a relation is determined by inequalities, it can be approximated by a
2^k-tree where each node represents a k-dimensional cubic sub-region of the original domain
(i.e. the domain over which the decomposition is carried out). A node has one of three possible
states:

• white: if the region it defines is completely legal

• gray: if the region is partially legal and partially illegal

• black: if the region is completely illegal

When a black or white node is identified, the recursive division stops. Each gray k-dimensional
cube is decomposed into 2^k smaller ones whose sides are half the length. Unless the boundaries
of a region are parallel to the coordinate axes, infinitely many levels of representation are
required to accurately represent a region. However, since the maximum precision is fixed, any
gray node with a smaller size than the maximum granularity can be declared black and the
decomposition stops.

Equalities In the case of equality constraints, a strict application of the binary decomposition
into 2^k-trees described before would amount to pursuing the decomposition to infinity since an
infinite degree of precision is required to represent solutions which are points. We can avoid
this problem by exploiting the fact that many practical applications require a limited degree of
precision and it is then admissible to treat equalities with a certain error range. Presently, our
system translates strict equalities f(x1, ..., xk) = C into a weaker form, f(x1, ..., xk) = C ± ε/2,
where ε is the maximum precision fixed, as defined for inequalities. This amounts to replacing
each equality by two inequalities.

3 Consistency algorithms using 2^k-trees

Path consistency algorithms, such as PC-1 [13] and PC-2 [12], require the application of the
following update rule defined on constraints:


ft 


(1) 
Figure 3: A binary relation can be approximated by carrying out a hierarchical binary
decomposition of its solution space into a quadtree

This relaxation operation uses two binary operators (intersection and composition, denoted
respectively by ⊕ and ⊗) and a unary one (projection, denoted by Π), which can be defined on
2^k-trees. Since all variables are decomposed within the same interval (see Figure 4), intersection
is simply the logical intersection of the corresponding quadtrees and can be carried out efficiently:
given an ordering white < gray < black, the intersection operator can be defined as
color(node1 ⊕ node2) = Max(color(node1), color(node2)).

Information on a k-dimensional node can be simply derived by composing its facets
((k-1)-dimensional nodes) (color(node1 ⊗ node2) = Max(color(node1), color(node2))), and vice versa,
information on a (k-1)-dimensional node can be obtained by projecting the k-dimensional node
over one of its facets (color(Π(node1)) = Min(color(nodei)), where nodei are the nodes having
node1 as facet).

The  operators  required  for  path  consistency  algorithms  (and  their  generalization  for  higher 
degrees  of  consistency)  can  therefore  be  implemented  as  straightforward  logical  rather  than 
numerical  operations. 

N-ary CSPs In many realistic problems, the constraints are not binary, but n-ary. However,
each n-ary constraint can be reduced to a set of ternary constraints without loss of information.
An n-ary algebraic relation, C(x1, ..., xn), can be transformed into a set of ternary algebraic
expressions by:

i. replacing iteratively in C each sub-expression <xi operator xj> by a new variable xn+1

ii. adding a ternary equality constraint xn+1 = <xi operator xj>

The process stops when C itself becomes ternary. This transformation is only based on symbolic
manipulations and consequently, no information is lost in the solution space description.
For  example,  the  5-ary  CSP  with  one  constraint  ,(x  -  y)’  -t-  >  2,  can  be  translated  into  a 

ternary one with three constraints: w1 + (w2/u) > 2, w1 = x - y, w2 = z + 1. Hence, addressing
n-ary continuous CSPs amounts to giving the ternary counterparts of the algorithms and
representation used for solving binary continuous CSPs.

Figure 4: In a binary CCSP with three variables (x, y, z), the octree obtained by composing the
quadtrees T_xy, T_yz and T_xz will give all the consistent instantiations according to the chosen
granularity (white cubes)

Constructing 2^k-tree representations A total binary constraint is given intensionally
by a set of algebraic equations {C1, ..., Cl}. The quadtree approximation T_xy of a binary relation
R_xy can be obtained as follows:

For each Ci ∈ {C1, ..., Cl} Do

1. build a quadtree representation T_Ci for the basic constraint Ci

2.  r„  = 

Constructing the quadtree representation of an individual algebraic constraint requires a
procedure for determining the color of each sub-region (rectangle) created by the recursive
decomposition. When the constraint curve determines a transversal segment within the considered
rectangle, testing for the rectangle color amounts to finding an intersection of its boundaries
with the curve. This test requires iterative numerical analysis in the general case. On the other
hand, when the curve is closed, a more complicated treatment must be accommodated. Computing
octrees for representing ternary relations can be carried out similarly to the case of binary
relations.
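The decomposition of Section 2 and the intersection operator of Section 3 can be made concrete with a short sketch. This is an added example, not code from the paper: the two constraints are those of the Figure 1(a) caption with the exponents read as squares, and the domain [0, 8] x [0, 8], the precision eps = 0.125 and all function names are assumptions. Rectangle colors are decided from the exact range of each quadratic over the rectangle, which avoids the iterative numerical test needed in the general case.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

WHITE, GRAY, BLACK = 0, 1, 2               # the ordering white < gray < black
Box = Tuple[float, float, float, float]    # (x0, x1, y0, y1)
DOMAIN: Box = (0.0, 8.0, 0.0, 8.0)         # assumed common domain of x and y
EPS = 0.125                                # assumed maximum precision


@dataclass
class Node:
    color: int
    children: Optional[Tuple["Node", ...]] = None   # four quadrants when gray


def quadrants(box: Box):
    """Split a square into (left-bottom, right-bottom, left-top, right-top)."""
    x0, x1, y0, y1 = box
    xm, ym = (x0 + x1) / 2, (y0 + y1) / 2
    return ((x0, xm, y0, ym), (xm, x1, y0, ym),
            (x0, xm, ym, y1), (xm, x1, ym, y1))


def merge(kids):
    """Four identical white (or black) leaves collapse into a single leaf."""
    first = kids[0].color
    if first != GRAY and all(k.color == first for k in kids):
        return Node(first)
    return Node(GRAY, tuple(kids))


def build(classify, box: Box, eps: float) -> Node:
    """Recursive quartering; stops on white/black or at the maximum precision."""
    color = classify(box)
    if color != GRAY:
        return Node(color)
    if box[1] - box[0] <= eps:      # gray at maximum granularity: declared black
        return Node(BLACK)
    return merge([build(classify, q, eps) for q in quadrants(box)])


def intersect(a: Node, b: Node) -> Node:
    """color(a (+) b) = Max(color(a), color(b)), applied quadrant by quadrant."""
    if a.color == BLACK or b.color == BLACK:
        return Node(BLACK)
    if a.color == WHITE:
        return b
    if b.color == WHITE:
        return a
    return merge([intersect(p, q) for p, q in zip(a.children, b.children)])


def white_area(node: Node, box: Box) -> float:
    """Total area of the white (completely legal) leaves."""
    if node.color == WHITE:
        return (box[1] - box[0]) * (box[3] - box[2])
    if node.color == BLACK:
        return 0.0
    return sum(white_area(k, q) for k, q in zip(node.children, quadrants(box)))


def color_at(node: Node, box: Box, x: float, y: float) -> int:
    """Color of the leaf whose square contains the point (x, y)."""
    while node.color == GRAY:
        x0, x1, y0, y1 = box
        i = (1 if x >= (x0 + x1) / 2 else 0) + (2 if y >= (y0 + y1) / 2 else 0)
        node, box = node.children[i], quadrants(box)[i]
    return node.color


def sq_range(c: float, x0: float, x1: float):
    """Exact (min, max) of (x - c)^2 for x in [x0, x1]."""
    ends = ((x0 - c) ** 2, (x1 - c) ** 2)
    return (0.0 if x0 <= c <= x1 else min(ends)), max(ends)


def above_parabola(box: Box) -> int:       # constraint y >= (x - 5)^2
    x0, x1, y0, y1 = box
    lo, hi = sq_range(5.0, x0, x1)
    return WHITE if y0 >= hi else BLACK if y1 < lo else GRAY


def below_cap(box: Box) -> int:            # constraint y <= 4 - (x - 6)^2
    x0, x1, y0, y1 = box
    lo, hi = sq_range(6.0, x0, x1)
    return WHITE if y1 <= 4 - hi else BLACK if y0 > 4 - lo else GRAY


def figure1a_region():
    """Quadtrees of both constraints and of the total constraint on (x, y)."""
    t1 = build(above_parabola, DOMAIN, EPS)
    t2 = build(below_cap, DOMAIN, EPS)
    return t1, t2, intersect(t1, t2)


if __name__ == "__main__":
    t1, t2, t12 = figure1a_region()
    print("white area of the total constraint:", white_area(t12, DOMAIN))
```

Because gray squares at the maximum precision are declared black, the white leaves form an inner approximation: the reported white area can only underestimate the true feasible area.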

4  Global  consistency  in  constraint  networks 

A minimal network is globally consistent (all the constraints are as explicit as possible in the
network) while a decomposable network allows for a backtrack-free search of the solution (the
search process can generally be carried out in linear time). In this work we show that certain
convexity properties of the solution space allow minimal and decomposable networks to be
computed in polynomial time for continuous CSPs.

Encouraging results have been obtained for continuous CSPs in the domain of temporal
reasoning: Dechter, Meiri and Pearl [2] have shown that for simple temporal problems (STP),
where labels have to be convex intervals (i.e. disjunctive constraints are not allowed), the
minimal constraint network can be constructed in polynomial time by ensuring path consistency.
Similar results have been obtained by Van Beek [15] on a subset of Allen's interval algebra
excluding the binary relation. Recently, Van Beek [16] has generalized the convexity property
to the case of discrete CSPs: a property of discrete constraints, called row-convexity,
has been identified that guarantees the minimality and the decomposability of the constraint
network when path consistency is ensured.

Although the convexity properties exploited in temporal and row-convex discrete problems
derive mainly from results in the continuous domain (see Helly's theorem for convex sets [15]),
no framework has been defined to exploit them in the case of general continuous CSPs. This
is because the restriction imposed by the convexity condition on algebraic continuous solution
spaces is too strong. In this work, we show that the arcwise connectivity property (a weaker
condition) is sufficient for generalizing the results obtained in simple temporal [2] and row-convex
discrete [16] domains to continuous CSPs.

In simple temporal problems (STPs) constraints take the form of bounded differences
b1 < xi - xj < b2 where [b1, b2] has to be a single interval. This condition amounts to saying that
each variable takes its value within a single interval (convex interval). Path consistent STPs
can be solved by backtrack-free search. The key observation is that this solution requires the
convexity property only for each individual variable domain. Hence, generalizing to non-temporal
continuous CSPs would amount to imposing convexity conditions only on the projections of the
solution space over the different axes involved (the convexity condition is required only on
projected intervals).

Consequently, for generalizing the results obtained for STPs, it is sufficient that the solution
space verifies the arcwise connectivity property.

The arcwise connectivity requirement is clearly weaker than convexity: a k-ary relation,
defined on a set of k variables V = x1, ..., xk and determining a convex region, has convex
projections for each variable xi of V. However, the converse is not true: a region may have
convex projections for each involved variable x without being convex.

4.1  Convex  binary  CCSPs 

Let us first describe how convexity properties can be exploited in the case of binary constraints.
The case of n-ary constraints will be dealt with later on. We define:

Definition 1: x-Convexity property

i. Let r be a bi-dimensional region defined by a set of algebraic constraints on two variables
xi and xj. r is said to be xk-convex in the domain if its projection over the xk axis
yields a convex interval (k ∈ {i, j}).

ii. A binary relation is xk-convex in the domain if it determines an xk-convex

region in

Definition 2: Convex constraint network

A constraint network representing a CCSP (V, D, R) is convex if for all relations R_{xi,xj} in R,
R_{xi,xj} is xk-convex for each k in {i, j}.

Continuous constraint satisfaction problems (CCSPs) having convex constraint network
representations are the generalized counterparts of simple temporal problems (STP) as defined
in [2]. Since an arcwise connected region in is a single closed and bounded sub-region of R*,
the x-convexity property is verified for each relation determining an arcwise connected set.

Note finally that CCSPs including disjunctive or non-linear constraints may admit no convex
constraint network representation since these types of constraints often create splits in the
solution space.
Now we are in a position to extend the main theorem of Van Beek (theorem 1 of [16]) to the
case of CCSPs. We first have to extend the lemma on which his proofs are based. This can be
done as follows:

Definition 3:

Let and two xi-convex bi-dimensional regions. The xi-intersection of r^ and r* is
defined as the intersection of their projections over the xi axis.

Lemma 1 Let F be a finite collection of x-convex regions in ℜ^2. If F is such that every pair
of regions have a non null x-intersection, then the x-intersection of all these regions is not null
(i.e. there exists at least one value v for x so that each region r_{x,y} contains a point (v, vi)
where vi is a possible value for y).

Proof. This lemma is a direct application of Helly's theorem to the case of ℜ^2.

We  can  generalize  the  theorem  as  follows: 

Theorem  1  A  binary  constraint  network  which  is  convex  and  path-consistent  is  minimal  and 
decomposable 

Proof.  Analogous  to  the  one  given  in  [16]. 

Theorem  4  in  [16]  generalizes  then  to  the  case  of  x-convex  relations: 

Theorem 2 Let N be a path consistent binary constraint network. If there exists an ordering
of the variables x1, ..., xn such that each relation of N, 1 < j < n, is xi-convex, then a
consistent instantiation can be found without backtracking.

Proof:  The  proof  derives  from  the  generalization  of  the  backtrack-free  instantiation  algorithm 
proposed  by  Van  Beek  in  [16]. 

4.2  Convex  n-ary  CCSPs 

As stated before, generalizing to n-ary CCSPs the results described before for binary CCSPs
amounts to giving the ternary counterparts of theorems 1 and 2.

Global consistency for ternary CCSPs The x-convexity property generalizes straightforwardly
to the case of non binary CCSPs. In the case of ternary constraints, the generalization
of lemma 1 can be used to prove the decomposability of the constraint network only if each pair
of ternary relations have a non null x-intersection. Two ternary relations R_{i1,j1,k} and R_{i2,j2,k}
have a non null k-intersection when each subset of five variables (i1, i2, j1, j2, k) are consistently
labelled. In the particular case where each pair of ternary constraints have two variables in
common (i.e: ii = ij or ji or jj), the number of variables that must be consistently labelled
reduces to four and strong 4-consistency is sufficient for the network to be decomposable. Hence,
theorem 1 generalizes to ternary constraints as follows:

Theorem 3 A ternary constraint network which is convex and strong 5-consistent is minimal
and decomposable. Furthermore, in the particular case where each pair of relations share two
variables, strong 4-consistency is enough to ensure that a convex ternary constraint network is
minimal and decomposable.
Since the translation of an n-ary network into a ternary one is done at the cost of increasing
the number of variables, the practicality of 5-consistency for n-ary CCSPs is still an open
question. This result is mainly intended to provide a theoretical bound for solving certain
classes of n-ary CCSPs in a complexity better than exponential.

4.3  Non-convex  CCSPs 

A general CCSP may admit no convex constraint network representation. Moreover, even if the
initial problem is convex, consistency algorithms may not preserve this property since intersecting
two non convex (even if arcwise connected) regions may result in an arbitrary number
of distinct arcwise connected sub-regions. We can distinguish three classes of CCSPs:

i. CCSPs where all the relations determine convex regions

ii. CCSPs where each relation determining a non arcwise connected solution space is constituted
by a set of convex regions.

iii. CCSPs where there exist non convex regions

In case i., since the intersection of two convex regions is necessarily a compact region, consistency
algorithms will preserve the convexity of the constraint network representation. Hence, problems
of this first category can be solved, with no further search, using partial consistency algorithms
(as stated in theorems 1 and 3). In case ii., the problem can be decomposed into convex
sub-problems (one for each possible combination of convex sub-regions). Each sub-problem is
of type i. The solution to the whole problem can be determined by solving each sub-problem
individually and then combining their solutions. Even if the complexity is, in this case,
exponential in the number of disjoint convex sub-regions, the computational effort can be bounded
a priori since consistency algorithms cannot create new case splits in the individual sub-problems.
In the last case finally, the splitting problem (similar to the one described in [10]) may occur and
the complexity is difficult to estimate. In the best case, the consistency algorithm may create
a convex constraint network from a set of non-convex relations. In the worst case however,
the intersection of each pair of non convex regions may result in an undetermined number of
disjoint new sub-regions which can in turn split again. Practical solutions (such as stopping the
splitting process when the maximum precision is reached) can be used to bound the combinatorial
explosion, but in general the complexity remains exponential for CCSPs of type iii.

5  Complexity  of  Consistency  algorithms 

The complexity of the intersection, composition and projection operators on 2^k-trees can be
roughly estimated in terms of the number of nodes generated by each operation. 0(2^**^*)
(where s is the maximum domain size and ε the tightest interval size accepted for variables)
gives a rough approximation of the complexity. This measure assumes that, in the worst case, a
2^k-tree resulting from a given operation is complete. A more realistic measure can be given in
terms of the number of gray nodes generated, since the recursive quartering stops as soon as a
node color is set to white or black. We can show that this measure is a function of the size of
the boundaries of the solution space. Furthermore, 2^k-tree structures are by nature well-adapted
to parallel processing. Parallel implementations of the intersection, composition and projection
are likely to reduce the complexity significantly. Important improvements in time and space
complexity can also be achieved by storing and processing only the white nodes (see linear
quadtrees in [9]).
Convex Binary CCSPs The algorithm PC-2 can be implemented using eq. 1 by way of
the revise function. According to the definitions of ⊕ and ⊗ for 2^k-trees, the relaxation
operation described by eq. 1 is monotonic. Moreover, since the region decomposition into 2^k-trees
discretises the solution space, showing that PC-1 (and hence PC-2) terminates and computes
a path-consistent network using the relaxation operation T_ij = T_ij ⊕ T_ik ⊗ T_kj can be done
similarly to the case of discrete-domain CSPs (see [13]). The worst case running time of PC-2
occurs when each revision step suppresses only one node from the considered relation (i.e. the
node becomes black), hence:

Theorem 4 PC-2 computes the path consistent network representation of binary CCSPs, (V, D, R),
in 0(2(^**^*)n^) where s is the largest interval size in D and ε the tightest interval size accepted
for variables of V.

According to theorem 1, when the path consistent network computed by PC-2 is convex, it is
also minimal and decomposable. Similarly, we can demonstrate that strong 5-consistency can
be ensured for a ternary CCSP in 0(2^***^*ln*).

Non convex CCSPs During the construction and propagation of 2^k-trees, the case when a
single region is split into several can be reliably detected. At this point the algorithm branches
and explores both regions separately (a new CCSP is generated). The pathological case where
an infinite number of sub-regions are generated is avoided in practice, since the regions smaller
than the maximum precision are not explored. However, the complexity is clearly exponential in
the worst case.

6  Conclusion 

In this paper we present a generalization of the results obtained for convex temporal problems
and discrete row-convex problems to more general classes of continuous CSPs (called convex
CCSPs). One of its main contributions is to show that arcwise connectivity properties of
continuous solution spaces can be exploited to compute solutions to CCSPs in polynomial time
complexity. This paper also presents a recursive decomposition scheme that solves the problem
of representing general regions. The 2^k-tree decomposition amounts to performing the stable
binary-search method which guarantees convergence according to numerical analysis results.
The cycling problems generally posed by fixed point iteration methods (such as those observed
by Davis for the Waltz algorithm [1]) are consequently avoided. Finally, we show that solving
non convex CCSPs remains inherently costly, but decomposition methods can be proposed and
might be of practical interest for many particular applications.
Abstract. Constraint satisfaction problems (CSP's) involve finding values for variables subject
to constraints on which combinations of values are permitted. Symmetrical values of a CSP
variable are in a sense redundant. Their removal will simplify the problem space. In this paper
we give the principle of symmetry and show that the concept of interchangeability introduced by
Freuder is a particular case of symmetry. Some symmetries can be computed efficiently thanks
to the structure of the problem (neighborhood interchangeability is one kind of these symmetries).
Therefore we show how such symmetries can be used by existing constraint propagation
algorithms and introduce a backtrack procedure exploiting symmetries. Both theoretical
analysis and experiments indicate that our proposed approach is an improvement on the use of
neighborhood interchangeability, and has very good behavior for pigeon-hole problems.

1  Introduction 

The finite domain constraint satisfaction problem (CSP)^1 is well known in Artificial
Intelligence. It has been investigated in the past by a number of researchers in different
contexts, and is still a well-studied research area of recent years (refer to Kumar [10]). A CSP
involves (1) a (finite) set V = {v1, v2, ..., vn} of variables, (2) a finite set D = {D1, D2, ..., Dn}
of discrete domain values in which Di is the finite discrete domain associated with the variable
vi; to avoid confusion between values of different domains, di will denote the fact that it
belongs to the domain Di, (3) a finite set C = {c1, c2, ..., cn} of constraints; a k-ary
constraint ci is defined on a subset Vi ⊂ V of variables which we denote var(ci), (4) and
a finite set R = {R1, R2, ..., Rn} of relations corresponding to the constraints in C; Ri
represents the list of tuples form in which the tuples of values satisfying the constraint ci are
enumerated. Thus, a CSP can be seen as a quadruplet P(V, D, C, R).

^1 Throughout this paper we use CSP to refer to the finite domain constraint satisfaction
problem.

A value assignment is a mapping which specifies a value for each variable; formally a
value assignment I can be seen as: I : V → ∪_{i∈[1,n]} Di such that I[vi] ∈ Di, ∀i ∈ [1,n].
A value assignment satisfies a constraint if it gives a combination of values to variables
that is permitted by the constraint; otherwise it falsifies it. Thus a constraint satisfaction
problem is the task of finding one or all value assignments for the constraint network such
that all the constraints are satisfied together.

As expected, various techniques for solving CSP's have been developed;
these include backtracking, arc consistency (Waltz [13], Mackworth [11]), path consistency
(Freuder [6]

On the other hand, symmetries for boolean constraints are well studied in (Benhamou and
Sais [2,3]). They showed that it is a real improvement for the efficiency of several automated
deduction algorithms. In this paper we develop the concept of symmetry for CSP's. Symmetrical
domain values will be in a sense redundant. Their removal will simplify the problem
search space. On the other hand, the set of solutions of a CSP can be represented in a
more compact way using symmetry. Indeed only non-symmetrical solutions are computed
(basic solutions) from which we process the other solutions without duplication of effort.
The paper is organised as follows:

Two levels of semantic symmetry are defined in Section 2. Section 3 discusses
syntactical symmetry, which is a form of semantic symmetry that can be
computed efficiently using only the structure of the considered problem. In
other words, syntactical symmetry is considered as a sufficient condition to
hold semantic symmetry (Neighborhood interchangeability (Freuder [^) is a case
of syntactical symmetry). Section 4 explains how symmetrical values can be
used in various algorithms such as propagation methods and proposes a
backtrack procedure taking advantage of symmetrical values. In section 5 we
evaluate the proposed techniques by experimental results. Section 6 concludes
the work.

For simplicity we study binary CSP's, which involve only constraints between
two variables. However, symmetry remains available for non-binary CSP's; and
non-binary CSP's can be transformed into binary ones (Rossi, Dhar and Petri
[12]).

2 Semantic Symmetry

We are interested in two problems in CSP's: the problem of finding a solution
(test of satisfiability) and the problem of finding all the solutions of the
CSP. Thus two levels of semantic symmetry are defined with respect to the two
previous problems.

Definition 1 Symmetry for satisfiability.
Two domain values $b_i$ and $c_i$ for a CSP variable $v_i \in V$ are
symmetrical for satisfiability (notation $b_i \approx c_i$) iff the following
assertions are equivalent:

1. There is a solution of the CSP which contains the value $b_i$;

2. There is a solution of the CSP which contains the value $c_i$.

Domain values can be not only symmetrical for satisfiability (definition 1)
but symmetrical for the set of all solutions as well. Thus, if
$sol(\mathcal{P})$ denotes the set of solutions of the CSP $\mathcal{P}$, then
we define a second level of semantic symmetry as follows:

Definition 2 Symmetry for all solutions.
Two domain values $b_i$ and $c_i$ for a CSP variable $v_i \in V$ are
symmetrical for $sol(\mathcal{P})$ (notation $b_i \simeq c_i$) if and only if
each solution of the CSP containing the value $b_i$ can be mapped into a
solution containing the value $c_i$ and vice-versa.

Remark. Symmetrical values for all solutions (definition 2) are also
symmetrical values for satisfiability (definition 1).

Example  1  Graph  coloring  problem. 

The problem consists in coloring the vertices so that no two vertices which
are joined by an edge have the same color. The available colors (domain
values) at each vertex are shown (figure 1).

The $red_1$ and $white_1$ colors for vertex $v_1$ are two symmetrical domain
values. Indeed, solutions in which one of them participates can be obtained
from the solutions in which the other value appears by permuting the values
red and white for the variables , vj and vs.

Fig. 1. The graph coloring problem.

On the other hand, Freuder introduced in ([7]) the notion of
interchangeability, where two domain values are interchangeable in some
environment if they can be substituted for each other without any effects to
the environment. Let us summarise the main definition.

Definition 3. Two domain values $b_i$ and $c_i$ for a CSP variable
$v_i \in V$ are fully interchangeable iff (1) every solution to the CSP which
contains $b_i$ remains a solution when $c_i$ is substituted for $b_i$, (2)
every solution to the CSP which contains $c_i$ remains a solution when $b_i$
is substituted for $c_i$.

Remark. Interchangeable values are particular symmetrical values for all
solutions in which the mapping consists of permuting the interchangeable
values and is the identity for the other values.

In the previous example, values $red_1$ and $white_1$ are not
interchangeable. Thus, the principle of symmetry seems to be more general than
the notion of interchangeability. Therefore, eliminating symmetrical values
can prune a greater deal of effort from a backtrack search tree if such values
are processed efficiently. We study in the next section syntactical symmetry
of domain values, which is a sufficient condition to hold semantic symmetry
(definition 2), and give an efficient method for search of such symmetries.

3  Syntactical  symmetry 

Identifying semantic symmetries as defined in (definitions 1 and 2) is clearly
time consuming, as this requires solving the problem. This section studies a
family of symmetries (syntactical symmetries) which are more tractable
computationally, thanks to the structure of the considered problem.

A permutation $\sigma$ of domain values of a binary CSP
$\mathcal{P} = (V, D, C, R)$ can be seen as:
$\sigma : \bigcup_{i \in [1,n]} D_i \to \bigcup_{i \in [1,n]} D_i$, such that
$\sigma(d_i) \in D_i$, $\forall i \in [1,n]$ and $\forall d_i \in D_i$. The
permutation $\sigma$ has no influence on the sets $\{V, D, C\}$ of the CSP
$\mathcal{P}$. However, it induces a permutation $\sigma_t$ on the tuples in
each relation $R_{ij} \in R$ and then a permutation $\sigma_R$ * on the
relations themselves. Therefore a syntactical symmetry of a CSP
$\mathcal{P} = (V, D, C, R)$ is a permutation of domain values which leaves
the CSP $\mathcal{P}$ invariant (i.e. $\sigma_R(R_i) = R_i$,
$\forall R_i \in R$). Formally:

Definition 4 Syntactical symmetry.
A permutation $\sigma$ is a syntactical symmetry of the CSP
$\mathcal{P} = (V, D, C, R)$ iff [$\forall R_{ij} \in R$,
$\langle d_i, d_j \rangle \in tuples(R_{ij}) \Rightarrow
\langle \sigma(d_i), \sigma(d_j) \rangle \in tuples(R_{ij})$].

Remark. A syntactical symmetry of a CSP is a domain value permutation
$\sigma$ such that $\sigma_R(R_i) = R_i$, $\forall R_i \in R$.

Example S Pigeon-hole problem. The problem consists in putting $n$ pigeons in
$n-1$ holes such that each hole holds at most one pigeon. Take for instance 4
pigeons and 3 holes. The pigeons are represented by the set of variables, the
holes by the domain values, as shown in the constraint graph of figure 2; the
constraint $c_{13}$ is given in its microstructure form showing the permitted
tuples in the relation $R_{13}$.

* Both $\sigma_t$ resp. $\sigma_R$ are natural generalizations of $\sigma$ to
tuples resp. relations.

Fig. 2. Pigeon-hole problem for 4 pigeons and 3 holes.

The permutation $\sigma$ defined as: $\sigma(a_i) = (b_i)$,
$\sigma(b_i) = (c_i)$, $\sigma(c_i) = (a_i)$, $\forall i \in [1,4]$ keeps the
CSP invariant (i.e. $\sigma_R(R_i) = R_i$, $\forall i \in [1,4]$). Thus, it is
a symmetry of the CSP.

Definition 5. Two domain values $b_i$ and $c_i$ for a CSP variable
$v_i \in V$ are syntactically symmetrical (notation $b_i \sim c_i$) if there
exists a syntactical symmetry $\sigma$ of the CSP $\mathcal{P}$ such that
$\sigma(b_i) = c_i$.

Remark. The relation ($\sim$) is an equivalence relation.

In the previous example domain values $a_1$ and $b_1$ of the variable $v_1$
are syntactically symmetrical.

Definition 6. A set $\{a^1, \ldots, a^n\}$ of domain values forms a cycle of
symmetry in $\mathcal{P}$ if there exists a syntactical symmetry $\sigma$ of
$\mathcal{P}$ such that $\sigma(a^1) = a^2$, $\sigma(a^2) = a^3$, $\ldots$,
$\sigma(a^{n-1}) = a^n$, $\sigma(a^n) = a^1$.

Examples. The sets of values $\{a_i, b_i, c_i\}$, $i \in [1,4]$ of the
previous example form four cycles of symmetry.

All values in a cycle of symmetry are symmetrical two by two. Therefore, our
method of search of symmetry will process a symmetry which gives, for each
domain, classes ($cl(d_i)$ denotes the class of $d_i$) of values which are
symmetrical together. Each class will be identified by a cycle of symmetry.
Before describing the search method of symmetry, we will prove that
syntactical symmetry is a sufficient condition for semantic symmetry.

Theorem 7. If $b_i$ and $c_i$ are two syntactical symmetrical values of a CSP
variable $v_i \in V$ ($b_i \sim c_i$) then $b_i$ and $c_i$ are semantic
symmetrical values for all solutions of the CSP ($b_i \simeq c_i$).

Proof Cf. ([1]).

Remark.  Syntactical  symmetrical  values  are 
also  semantic  symmetrical  values. 

Symmetry expresses an important property that we use to prune the search
tree. Indeed if $d_i$ participates in no solution of the CSP $\mathcal{P}$ and
$d_i \sim d_i'$, then $d_i'$ will participate in no solution either. Thus, we
prune the sub-tree which corresponds to its assignment. Therefore, if there
are $n$ symmetrical domain values in $cl(d)$, then we can cut $n - 1$ branches
in the search tree once one of the domain values has been identified as
participating in no solutions.

Note that neighborhood interchangeability is a very particular syntactical
symmetry which permutes the interchangeable values and is the identity for the
other values. Such symmetries do not occur frequently. Our approach is more
general and will get more use. Below we give the search method for syntactical
symmetry.
3.1 Search method for symmetry

To be syntactically symmetrical, values need to satisfy some necessary
conditions:

Proposition 8. Let $N_{R_{ij}}(d_i)$ be the number of occurrences of the value
$d_i \in D_i$ in the relation $R_{ij}$ and $tuples(R_{ij}^{d_i})$ the set of
tuples of $R_{ij}$ in which $d_i$ appears; then to be syntactically
symmetrical, values $b_i$ and $c_i$ must satisfy the following conditions:

1. $N_{R_{ij}}(b_i) = N_{R_{ij}}(c_i)$, $\forall R_{ij} \in R$;

2. for each $d_j \in tuples(R_{ij}^{b_i})$,
$\exists d_j' \in tuples(R_{ij}^{c_i})$ such that $N_{R_{ij}}(d_j) =$ ...
$\in R$.

Proof Cf. ([1]).

The search method consists of two steps: (I) partition each domain w.r.t. the
previous necessary conditions into primary classes of values which will be
candidates for symmetry. (II) process a permutation $\sigma$ from the primary
classes which keeps the CSP invariant. We develop step (II), which will give
the complexity of the search method.

procedure symmetry(Di ∈ D)
  Repeat for each Rij ∈ R:
    Repeat for each di ∈ Di,
    such that <di, dj> ∈ tuples(Rij):
      choose σ(di) ∈ cl(di) and σ(dj) ∈ cl(dj),
      such that <σ(di), σ(dj)> ∈ tuples(Rij)

Fig. 3. The search symmetry algorithm

The classes of symmetrical values are the different cycles of $\sigma$. A
complexity bound for this algorithm can be found by assigning a worst case
bound to each repeat loop. Given m relations and at most a values in each
variable domain, we have the bound (the factors correspond to the repeat loops
and the choose operation in top-down order): O(m * a * a^) = O(m.a*). Below we
show how several methods can be augmented with the advantage of symmetry.


4 Adaptation of various Constraints Propagation Algorithms

Now we are in a position to show how these symmetrical domain values can be
used to increase the efficiency of various existing algorithms. We give a few
modifications of the key procedures and show the advantages of the use of
symmetry techniques for certain problem types. We focus on binary CSPs.

4.1  Constraint  filtering  algorithms 

The critical and most time consuming task in network consistency procedures is
to check if all values of a particular variable domain can potentially be a
member of a solution. These checks are done repetitively for singular
variables w.r.t. singular constraints. In the case of binary constraints, the
procedure revise($D_i$, $D_j$) is usually used. It removes all values of $D_i$
for which no value of the domain $D_j$ can be found such that the binary
constraint $c_{ij}$ between variables $v_i$ and $v_j$ is satisfied. It is
obvious that the worst-case complexity of revise is $O(a^2)$ where $a$ is the
maximum domain size.

The procedure revise is applied on different constraints separately, so
symmetrical domain values must be computed w.r.t. a given constraint $c$. The
main idea is that domain values can be symmetrical w.r.t. a constraint $c$,
but not symmetrical w.r.t. other constraints. So it is important to
characterize symmetrical values for each constraint of the network
independently.

We use the expression $cl(d)^c$ ($d$ is a domain value of the CSP variable
$v \in var(c)$) to denote the equivalence class of symmetrical values w.r.t.
the constraint $c$ in which $d$ appears; formally:
$cl(d)^c = \{d' \in D_v : d' \sim d\}$.

Figure 4 shows the procedure revise augmented by the advantage of symmetry.
procedure revise^^(var Di: domain, Dj: domain)
begin
  Δi := {}
  repeat
    x := an element of Di
    repeat
      y := an element of Δj
      if <x, y> ∈ tuples(Rij) then
      begin
        Δi := Δi ∪ {cl(x)^c ∩ Di}
        Δj := { }
      end
      else Δj := Δj − {cl(y)^c}
    until (Δj = { })
  until (Di = { })
  Di := Δi
end

Fig. 4. The revise^^ algorithm.

The main difference between the classical revise and revise^^ is that the
former checks in the worst case all tuples $D_i \times D_j$ and the latter
treats groups of symmetrical values equally. A symmetry $\sigma$ defined on a
constraint $c$ partitions the domain $D_i$ into subsets of domain values which
are symmetrical together. If $\Pi_v^c$ is the set of symmetrical subsets of
domain values of the variable $v \in var(c)$, w.r.t. the constraint $c$, and if
we assume that the sets $\Pi_v^c$ for all constraints $c$ and all variables
$v \in var(c)$ are of size $d$ ($1 \le d \le a$), then a worst case bound of
the algorithm revise^^ is O(a^).

4.2  Backtrack  search 

In the following, we want to evolve a tree search scheme where symmetrical
search branches are recognized by use of symmetrical values. The algorithm is
basically the same as classical backtrack tree search as described, for
instance, in (Fox and Nadel [5]).

But first we have to give some notations we need for the development of the
search procedure. Each output of a traditional backtrack procedure is an
assignment tuple representing a solution for the given CSP. Because we want to
handle groups of symmetrical values, we have to modify the form of the output.
Instead of single assignment values, sets are used. As was done in ([9]),
assignment tuples are shifted to assignment bundles.

Definition 9 Assignment Bundle. Let $V$ be the set of $n$ variables of the CSP
$\mathcal{P}$. An $n$-tuple $A$ where the $i$th element ($1 \le i \le n$) is a
non-vacuous subset of the domain $D_i$ is called an assignment bundle.

Definition 10 Solution Bundle. Let $sol(\mathcal{P})$ be the set of all
solutions of the CSP $\mathcal{P}$. An assignment bundle
$A = \{A_1, \ldots, A_n\}$ on the variables $V$ of the CSP is said to be a
solution bundle if and only if
$A_1 \times A_2 \times \ldots \times A_n \subseteq sol(\mathcal{P})$.

Solution bundles then represent groups of paths through the search tree which
are solutions of the CSP. The terms of local and global consistency (see, for
instance, Dechter [4]) can be extended to assignment bundles.

Definition 11.

- An assignment bundle $A^p$ on the variables $V_p \subseteq V$ is said to be
locally consistent if every assignment tuple extractable from $A^p$ is locally
consistent*;

- An assignment bundle $A^p$ on the variables $V_p \subseteq V$ is said to be
globally consistent if there exists an extension assignment bundle $A'$ on the
variables $(V - V_p)$ such that $A^p \cup A'$ is a solution bundle;

- An assignment bundle $A^p$ is said to be inconsistent if every assignment
tuple extractable from $A^p$ is inconsistent (i.e., no tuple in $A^p$ can be
extended to a solution).

* I.e., all the constraints of the subnetwork defined by the variables $V_p$
are satisfied.

Now we modify the classical backtrack search such that for each pass a bundle
assignment is computed. Solution bundles regroup sets of symmetrical
solutions. The following theorem gives the fundamental basis for the
utilisation of symmetrical values.

Theorem 12. Let $A^p$ be an assignment bundle on the variables
$V_p \subseteq V$ which is either globally consistent or inconsistent. Let $v$
be a variable of $V - V_p$, $\delta_v \subseteq$ ... and $C^*$ all binary
constraints from $v$ to variables of $(V - V_p)$, such that the two following
conditions hold:

1. $A^p + \delta_v$ is locally consistent;

2. $\forall d_i, d_j \in$ ... : $\forall c \in C^*$, $d_i \sim d_j$.

Then $A^p + \delta_v$ is either globally consistent or inconsistent.

Proof. Cf. ([1])

procedure backtracking^^(k: integer, B: assign-bundle);
begin
  revise^^(Dk, Dp), for 1 ≤ p < k;
  {or do some kind of look ahead filtering}
  dk := Dk;
  repeat
    x := an element of dk;
    C* := all constraints on vk to future variables;
    dk := dk − B[k]
    if k = n then write(B)
    else backtracking^^(k + 1, B);
  until (dk = {});
end.

Fig. 5. The backtrack algorithm.

The advantageous behavior of the procedure backtracking^^ is that symmetrical
search branches are bundled and visited once.

If a dead-end occurs, all the partial assignments extractable from the derived
assignment bundle are proven to be conflicting.

5 Experiments

Now we want to investigate the indicated performance improvement of our
augmented search technique by experimental analysis. We will test both
interchangeability and symmetry and compare them on two kinds of problems: (I)
randomly generated CSP's, for which we use the same test model as proposed in
Freuder ([8]). (II) the pigeon-hole problem, which is known to be hard, is
solved using symmetries with a linear complexity; however, interchangeability
gets no use for this problem.

5.1  The  experiment  model 


Random CSP's are characterized by the following four parameters: (1) n, the
number of variables. (2) a, the maximum domain size. (3) t, the constraint
tightness, which is the fraction of forbidden tuples to the number of possible
tuples. (4) d, the constraint density, which is a number between 0 and 1 that
indicates the fraction of additional constraints.


5.2  Results 


Three forward-checking search procedures are compared: (1) (FC), the classical
forward-checking. (2) (FC-NI), forward-checking with the advantage of
neighborhood interchangeability seen as a particular syntactical symmetry. (3)
(FC-SV), the instance of the search scheme backtracking^^ (see figure 5) where
forward-checking filtering is used. The indicator of the complexity is the
number of checks. Of course, the checks needed for the computation of
neighborhood interchangeability resp. symmetry are added to the run time
checks. The samples of each test are 30 randomly generated CSP's.
Fig. 6. Symmetry effects w.r.t. the number of variables.

It can be seen in figure 6 that the effect of both symmetry and
interchangeability grows if the problem increases. The variable size steps
from 6 to 10, a is fixed on 5, t and d are from the interval (0.1-0.4] (the
profitable ranges for the use of interchangeability as claimed in [8]). It can
also be seen that FC-SV definitely beats FC-NI at these problem types.

Fig. 7. FC and FC-NI effects on Pigeon-hole problem.

Symmetry effects on pigeon-hole problems.

ear, whereas both FC and FC-NI (figure

neighborhood interchangeability get no use for this problem.

6 Conclusion

We have developed the formal concept of symmetry in constraint satisfaction
problems ... constraint satisfaction algorithms can be adapted to exploit such
information. The principle of interchangeability is shown to be a particular
case of symmetry. Further investigation will consist of extending symmetry to
domain values of different variables and trying to identify certain types of
CSP's for which such symmetries get more use.
Abstract

Many classes of propositional calculus problems display a large number of
symmetries, i.e. the set of clauses representing such problems remains
invariant under certain permutations of variable names.

In [2,1] we have shown how such symmetries can be detected and used to
simplify satisfiability checking.

The problem of finding all models of a given CNF propositional theory is known
to be hard. More generally, we need to explore a complete proof tree and, in
some cases, the set of models is much too large to be represented explicitly.

In this paper, we show how symmetries can be used to represent a large set of
models by a subset of characteristic models (non symmetric models). The other
models can be obtained by applying the computed symmetries.

We present an algorithm for enumerating non symmetric models, and we show
results obtained on some known problems, such as the pigeon-hole, queens and
some other problems derived from mathematical theorems.

Key words. Theorem proving, propositional calculus, symmetries.

1  Introduction 

Finding all satisfying models for a formula in conjunctive normal form (CNF),
or even deciding whether a satisfying model exists (Sat), is known to be NP
hard. There are, however, large classes of propositional problems which
contain several symmetries. The principle of symmetry originally suggested by
Krishnamurthy [8] can lead in many cases to a shorter proof of the problems.
Indeed, for a set $S$ of clauses with $n$ propositional variables, there are
$2^n$ possible interpretations (i.e. mappings from the variables to the set
{True, False}). If $S$ contains symmetries, then the interpretations can be
partitioned into equivalence classes. Satisfiability checking can be reduced
to the problem of testing one interpretation from each such equivalence class.
The number of such classes gives us an estimate of the usefulness of a set of
symmetries.

In [2,1] we have explained how symmetries are detected and used in some
automated deduction methods such as the Si-Resolution algorithm and the Davis
and Putnam procedure. Good results have been obtained on some known hard
propositional problems.

Enumerating all the models of a CNF propositional theory is an interesting and
difficult task [4]. The difficulty is that we generally need to explore a
complete proof tree and in some cases the set of models is much too large to
be represented explicitly. The interest of this is that for certain kinds of
information the model-based representation is much more compact and enables
much faster reasoning than the traditional representation using logical
formulas [6,7].

In this paper, we show how symmetries can be used to represent the set of
models by a subset of characteristic models (non symmetric models), from which
all others can be generated. We present an algorithm for enumerating all non
symmetric models, and we show results obtained on some known problems.

2  Preliminaries 

We shall assume that the reader is familiar with the propositional calculus.
For a propositional variable $p$ there are two literals: $p$, the positive
literal, and $\neg p$, the negative one. A clause is a disjunction of literals
such that no literal appears more than once; a clause containing no literals
is called the empty clause. A set $S$ of clauses is a conjunction of clauses.
In other words we say that $S$ is in conjunctive normal form. A truth
assignment to a set of clauses $S$ is a map $I$ from the set of variables
occurring in $S$ to the set {True, False}. The value of $S$ under the truth
assignment is defined in the usual sense. We say that a set of clauses $S$ is
satisfiable if there exists some truth assignment in which $S$ takes the value
True; it is unsatisfiable otherwise. In the first case $I$ is called a model
of $S$. Also, if $\ell$ is true in a model of $S$, we say that $\ell$ has a
model in $S$. We identify $\neg \ell$ with the opposite of $\ell$.
3 Symmetries

We recall some definitions and properties of symmetry; for more details see

A bijective map $\sigma : V \to V$ is called a permutation of variables. If
$S$ is a set of clauses, $c$ a clause of $S$ and $\sigma$ a permutation of
variables occurring in $S$, then $\sigma(c)$ is the clause obtained by
applying $\sigma$ to each variable of $c$ and
$\sigma(S) = \{\sigma(c) / c \in S\}$.

In the following we define a permutation on literals.

Definition 3.1 A set $P$ of literals is called complete if
$\forall \ell \in P$, $\neg \ell \in P$.

Definition 3.2 Let $P$ be a complete set of literals and $S$ a set of clauses
of which all literals are in $P$.

A permutation $\sigma$ defined on $P$ ($\sigma : P \to P$) is called a
symmetry of $S$ if it satisfies the following conditions:

1. $\forall \ell \in P$, $\sigma(\neg \ell) = \neg \sigma(\ell)$

2. $\sigma(S) = S$

Definition 3.3 Two literals (variables) $\ell$ and $\ell'$ are symmetric in
$S$ (notation $\ell \sim \ell'$) if there exists a symmetry $\sigma$ of $S$
such that $\sigma(\ell) = \ell'$. A tuple $(\ell_1, \ell_2, \ldots, \ell_n)$
of literals is called a cycle of symmetry in $S$ if there exists a symmetry
$\sigma$ defined on $S$ such that $\sigma(\ell_1) = \ell_2$, $\ldots$,
$\sigma(\ell_{n-1}) = \ell_n$, $\sigma(\ell_n) = \ell_1$.

Example 3.4 Let $S$ be the following set of clauses: $S = \{a \vee \neg b, c\}$
and $\sigma$ the map defined on the complete set $P$ of literals occurring in
$S$:

$\sigma(a) = \neg b$, $\sigma(\neg a) = b$, $\sigma(b) = \neg a$,
$\sigma(\neg b) = a$, $\sigma(c) = c$ and $\sigma(\neg c) = \neg c$.

$\sigma$ is a symmetry of $S$; $a$ and $\neg b$ are symmetric in $S$
($a \sim \neg b$).

$\sigma(S) = \{\neg b \vee a, c\} = S$.

Definition 3.5 Let $P$ be a complete set of literals, $\sigma$ a symmetry, $I$
a truth assignment of $P$ and $S$ a set of clauses; then $\sigma(I)$ is the
truth assignment obtained by substituting every literal $\ell$ in $I$ by
$\sigma(\ell)$.

Proposition 3.6 $I$ is a model of $S$ iff $\sigma(I)$ is a model of $S$.

Proof: cf. [2,1]

From the proposition above, one can define an equivalence relation on the set
of interpretations by: $I_1 \sim I_2$ iff there exists a symmetry $\sigma$ on
$S$ such that $I_1 = \sigma(I_2)$.

In the previous example, the set of possible interpretations can be
partitioned into six distinct classes: {[000],[110]}, {[001],[111]}, {[010]},
{[011]}, {[100]} and {[101]}. Also we can easily distinguish two distinct
classes of models: {[001],[111]} and {[101]} ([101] should be read as [a=True,
b=False and c=True]).
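The classes listed for Example 3.4 can be recomputed directly from Definitions 3.2 and 3.5. The Python sketch below is an added example, not code from the paper: it checks that the map of Example 3.4 is a symmetry, partitions the eight interpretations into orbits under that single symmetry, and regenerates all models from one representative per model class. The integer encoding of literals (a=1, b=2, c=3, negation as sign) and the function names are assumptions of this example.

```python
from itertools import product


def is_symmetry(sigma, clauses):
    """Definition 3.2: sigma permutes a complete set of literals, commutes
    with negation, and maps the clause set onto itself."""
    lits = set(sigma)
    if set(sigma.values()) != lits:
        return False
    if any(-l not in lits or sigma[-l] != -sigma[l] for l in lits):
        return False
    return {frozenset(sigma[l] for l in c) for c in clauses} == set(clauses)


def apply(sigma, interp):
    """Definition 3.5: substitute every literal of I by its image."""
    return frozenset(sigma[l] for l in interp)


def is_model(interp, clauses):
    return all(clause & interp for clause in clauses)


def interpretations(n_vars):
    """All 2^n truth assignments, each as the set of its true literals."""
    for signs in product((False, True), repeat=n_vars):
        yield frozenset(v if s else -v for v, s in enumerate(signs, start=1))


def bits(interp, n_vars):
    """Bit string in the paper's notation, e.g. [101] for a, not b, c."""
    return "".join("1" if v in interp else "0" for v in range(1, n_vars + 1))


def orbit(sigma, interp):
    """Interpretations reachable from interp by applying sigma repeatedly."""
    seen, cur = set(), interp
    while cur not in seen:
        seen.add(cur)
        cur = apply(sigma, cur)
    return frozenset(seen)


def classes(sigma, n_vars, clauses=None):
    """Orbits of interpretations (of models only, if clauses is given)."""
    parts = {orbit(sigma, i) for i in interpretations(n_vars)
             if clauses is None or is_model(i, clauses)}
    return sorted(sorted(bits(i, n_vars) for i in part) for part in parts)


def characteristic_models(sigma, clauses, n_vars):
    """One representative per class of symmetric models."""
    return [part[0] for part in classes(sigma, n_vars, clauses)]


def regenerate(sigma, reps, n_vars):
    """All models recovered from the representatives by applying sigma."""
    out = set()
    for rep in reps:
        interp = frozenset(v if b == "1" else -v
                           for v, b in enumerate(rep, start=1))
        out |= {bits(i, n_vars) for i in orbit(sigma, interp)}
    return sorted(out)


# Example 3.4, encoded with a=1, b=2, c=3 (encoding is an assumption).
A, B, C = 1, 2, 3
S = {frozenset({A, -B}), frozenset({C})}
SIGMA = {A: -B, -A: B, B: -A, -B: A, C: C, -C: -C}
# Constructed counter-example: exchanging a and b does not preserve S.
SWAP_AB = {A: B, -A: -B, B: A, -B: -A, C: C, -C: -C}

if __name__ == "__main__":
    print(classes(SIGMA, 3))
    print(characteristic_models(SIGMA, S, 3))
```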
Theorem 3.7 Let $\ell$ and $\ell'$ be two literals of $S$. If
$\ell \sim \ell'$ in $S$, then $\ell$ has a model in $S$ iff $\ell'$ has a
model in $S$.

Proof: direct consequence of proposition 3.6

Let us define $S_{\ell_1, \ldots, \ell_n}$ as the set of clauses obtained
after assigning to the literals $\ell_1, \ell_2, \ldots, \ell_n$ the value
true; consequently,

Corollary 3.8 Let $(\ell, \ell_1, \ell_2, \ldots, \ell_n)$ be a cycle of
symmetry of $\ell$ in $S$; then $S$ is satisfiable iff $S_\ell$ or ... is
satisfiable.

The previous theorem is very useful for pruning the proof trees. Indeed, if
$\ell$ has no model in $S$ and $\ell \sim \ell'$, then $\ell'$ will have no
model in $S$; thus we prune the branch which corresponds to the assignment of
$\ell'$ in the proof tree. Therefore, if there are $n$ symmetric literals we
can cut $n - 1$ branches.

In [2,1], we have explained how symmetries are detected and used in different
automated deduction algorithms such as Si-Resolution and the Davis and Putnam
procedure. It should be noted that in our previous work [2,1], we search for
symmetries at each level of the proof tree: on the set of clauses simplified
by the current assignment. We call these symmetries local, in opposition to
symmetries of the original set of clauses (global symmetries). Local
symmetries are very useful when the problem holds some symmetric kernels. This
kind of symmetry can't be used if we address the problem of computing non
symmetric solutions of the problem. In some other problems, the symmetries
appear on the original problem (global), but they can disappear after
assignment of some variables.

4  A  characterization  of  the  set  of  models 

In the sequel, we show how the principle of symmetry can lead to a short
representation of the set of models.

Definition 4.1 Two models $m_1$ and $m_2$ of a set $S$ of clauses are
symmetric if there exists a symmetry $\sigma$ of $S$ such that
$\sigma(m_1) = m_2$.

Remark 4.2 If $\ell \sim \ell'$ on $S$, then $\ell$ and $\ell'$ have the same
number of models.

Definition 4.3 Let $S$ be a set of clauses and $A$ a set of literals occurring
in $S$ which does not contain a literal and its opposite.

We define $M(S, A)$ as the set of models of $S$ which contain the literals of
$A$, and $M(S, \emptyset)$ is the set of all models of $S$.

Definition 4.4 Let $S$ be a set of clauses and
$A = \{\ell_1, \ell_2, \ldots, \ell_n\}$ a set of literals of $S$ which does
not contain a literal and its opposite.

We define $M(S, \emptyset)/A$ as a partition of all the models of $S$ on $A$:

$M(S, \emptyset)/A = \{\ldots,
M(S, \neg\ell_1 \neg\ell_2 \ldots \neg\ell_{n-1} \ell_n),
M(S, \neg\ell_1 \neg\ell_2 \ldots \neg\ell_n)\}$

Theorem  4.5  Let  S  be  a  set  of  clauses  and  a  a  symmetry  on  S  such  that 
,  4)  is  a  cycle  of  symmetry,  then, 

1.  Vt  sudi  that  2  <  t  <  n, 

Af(5,  ->4  .  •  •  -4-14)  =  o-'“^(Af(5,4-4-(i-2)  •  •  •  -4))  ^and; 

2.  The  models  M{S,£i)  and  M{S,  —4  •  •  •  —4)  nre  not  symmetric. 

Proof:

1) Obvious. By the definition of a cycle of symmetry, one can easily write $\sigma^{i-1}(M(S, \ell_1\,\neg\ell_{n-(i-2)} \ldots \neg\ell_n))$ as $M(S, \neg\ell_1 \ldots \neg\ell_{i-1}\,\ell_i)$.

2) Suppose that there exist $m_1 \in M(S, \ell_1)$ and $m_2 \in M(S, \neg\ell_1 \ldots \neg\ell_n)$ such that $\sigma^i(m_1) = m_2$ with $1 \le i \le n$. Since $\ell_1 \in m_1$, then $\sigma^i(\ell_1) \in m_2$ and $\sigma^i(\ell_1) \in \{\ell_1, \ell_2, \ldots, \ell_n\}$. As $m_2$ contains the literals $\neg\ell_1, \neg\ell_2, \ldots, \neg\ell_n$, one can see that $m_2$ contains a literal and its opposite (contradiction). □

This theorem shows that, for a cycle of symmetry $p = (\ell_1, \ldots, \ell_n)$ on $S$, the set of models of $S$ can be partitioned into three subsets:

$M_1 = M(S, \ell_1)$, $M_2 = \bigcup_{i=2}^{n} \sigma^{i-1}(M(S, \ell_1\,\neg\ell_{n-(i-2)} \ldots \neg\ell_n))$ and $M_3 = M(S, \neg\ell_1 \ldots \neg\ell_n)$.

The models $M_2$ are included in $M_1$ up to symmetry. The models $M_1$ and $M_3$ are non symmetric.
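The partition of Theorem 4.5 can be checked by brute force on a small instance. The following is an added example, not code from the paper: the clause set, the rotation `sigma` and all function names are constructed for illustration (literals are signed integers, variables 1 to 3 form the cycle and variable 4 is left fixed).

```python
from itertools import product

# Constructed instance (not from the paper). Literals are signed ints,
# DIMACS style. Variables 1..3 rotate under sigma; variable 4 is fixed.
CLAUSES = [(-1, -2), (-2, -3), (-1, -3), (1, 2, 3, 4)]
N_VARS = 4
CYCLE = (1, 2, 3)  # the cycle of symmetry (l_1, ..., l_n)


def sigma(lit, power=1):
    """Apply the rotation along CYCLE `power` times to one literal."""
    var = abs(lit)
    if var not in CYCLE:
        return lit
    image = CYCLE[(CYCLE.index(var) + power) % len(CYCLE)]
    return image if lit > 0 else -image


def is_symmetry(clauses):
    """sigma is a symmetry of S when it maps the clause set onto itself."""
    original = {frozenset(c) for c in clauses}
    return {frozenset(sigma(l) for l in c) for c in original} == original


def all_models(clauses, n_vars):
    """Brute-force enumeration; a model is a frozenset of true literals."""
    found = set()
    for signs in product((1, -1), repeat=n_vars):
        m = frozenset(s * v for v, s in enumerate(signs, start=1))
        if all(any(l in m for l in c) for c in clauses):
            found.add(m)
    return found


def restrict(models, lits):
    """M(S, A): the models of S that contain every literal of A."""
    return {m for m in models if set(lits) <= m}


def partition(clauses, n_vars):
    """Return (M1, M2, M3, blocks_match) for the cycle CYCLE."""
    models, n = all_models(clauses, n_vars), len(CYCLE)
    m1 = restrict(models, [CYCLE[0]])
    m3 = restrict(models, [-l for l in CYCLE])
    m2, blocks_match = set(), True
    for i in range(2, n + 1):
        # Left side of item 1: M(S, not l_1 ... not l_{i-1}, l_i).
        lhs = restrict(models, [-l for l in CYCLE[:i - 1]] + [CYCLE[i - 1]])
        # Right side: sigma^(i-1) of M(S, l_1, not l_{n-(i-2)} ... not l_n).
        src = restrict(models, [CYCLE[0]] + [-l for l in CYCLE[n - i + 1:]])
        rhs = {frozenset(sigma(l, i - 1) for l in m) for m in src}
        blocks_match = blocks_match and lhs == rhs
        m2 |= lhs
    return m1, m2, m3, blocks_match


def symmetric_via_cycle(a, b):
    """True if some power of sigma maps model a onto model b."""
    return any(frozenset(sigma(l, p) for l in a) == b
               for p in range(1, len(CYCLE) + 1))


if __name__ == "__main__":
    m1, m2, m3, ok = partition(CLAUSES, N_VARS)
    print("sigma is a symmetry:", is_symmetry(CLAUSES))
    print("|M1|, |M2|, |M3| =", len(m1), len(m2), len(m3), "item 1 holds:", ok)
    print("M1 and M3 symmetric:",
          any(symmetric_via_cycle(a, b) for a in m1 for b in m3))
```

Only the models in M1 and M3 need to be searched for; every model in M2 is the image of a model of M1 under a power of the rotation.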

4.1  Use  of  symmetries 

We will show an algorithm Find_Non_Symmetric_Models(S) (Figure 1) for enumerating all non symmetric models of $S$. This algorithm uses as its basic subroutine Solve(S). If $S$ is satisfiable, then it returns a satisfying truth assignment; otherwise, it returns nil. The notation Solve(S, $\phi$) is a shorthand for Solve($S \cup \phi$), where $\phi$ is the set of literals in the current assignment.

In order to find all the solutions, we use the Davis and Putnam procedure without the monotone (pure) literal rule.

Let $\phi = \{\ell_1 \ldots \ell_k\}$ be the current set of literals assigned the value true. Suppose we have found all the models of $S \cup \phi$. Before searching for the models of $S \cup \{\ell_1 \ldots \ell_{k-1}, \neg\ell_k\}$, we search for a cycle of symmetry $p$ of the literal $\ell_k$ on $S$ (global symmetry), with the condition that $\{\ell_1, \ell_2 \ldots \ell_{k-1}\}$ is invariant under the symmetry. This additional condition allows us to avoid models symmetric to the models found at the current level of the proof tree. Now, we search for the models of $S \cup \{\ell_1 \ldots \ell_{k-1}, \neg\ell_k\} \cup \{\neg\ell, \forall \ell \in p\}$.

Footnotes: $\sigma^i$ denotes the application of $\sigma$ $i$ times. A set of literals $\phi$ is invariant under a symmetry $\sigma$ iff $\sigma(\ell) \in \phi$.

As shown in Figure 1, in subroutine Find_Next_Model we search for global symmetries to avoid symmetric models, and in Solve we search for local symmetries in case of contradiction.

Find_Non_Symmetric_Models(S)
{
    φ ← ∅
    model ← Solve(S, φ)
    while model ≠ nil
    do { print model
         model ← Find_Next_Model(S, model)
    }
}

Find_Next_Model(S, {ℓ_1, ℓ_2 ... ℓ_n})
{
    for i = n downto 1
    do {
        /* global symmetry */
        compute a cycle of symmetry p of ℓ_i on S such that {ℓ_1, ℓ_2 ... ℓ_{i-1}} is invariant
        model ← Solve(S, {ℓ_1, ℓ_2 ... ℓ_{i-1}} ∪ {¬ℓ, ∀ℓ ∈ p})
        if model ≠ nil then return(model)
    }
    return(nil)
}

Solve(S, φ)
{
    unit_propagate(S, φ)   /* repeated application of unit-literal rule */
    if contradiction discovered then return(nil)
    else if all clauses are satisfied then return(φ)
    else {
        x ← some unvalued variable
        if Solve(S, φ ∪ {x}) = nil
        then {
            compute a cycle of symmetry p of x on S ∪ φ   /* local symmetry */
            return(Solve(S, φ ∪ {¬x} ∪ {¬ℓ, ∀ℓ ∈ p}))
        }
        else return(Solve(S, φ ∪ {x}))
    }
}

Figure 1: Algorithms Find_Non_Symmetric_Models


5  Results 

We now present some results on the algorithm (Figure 1) with and without symmetry. For each problem, we give the total number of models (NM) and the number of non symmetric models (NSM). In the case of unsatisfiability we also show how symmetries affect the size of the proof tree.

5.1  Description  of  the  benchmarks 

• Queens. Placing N queens on an N x N chessboard such that no two queens attack each other. Notation Queen(N)

• Erdos's theorem. Find the permutation $\sigma$ of the N first numbers such that for each 4-tuple $1 \le i < j < k < l \le N$ none of the two relations $\sigma(i) < \sigma(j) < \sigma(k) < \sigma(l)$ and $\sigma(l) < \sigma(k) < \sigma(j) < \sigma(i)$ is verified. This problem is modeled by creating for each couple $(i, j)$ a variable $f_{ij}$ which means $\sigma(i) < \sigma(j)$. The rules express the associativity of the relation <, and prohibit the misplaced 4-tuples. For $N \le 9$ the problem admits solutions, beyond it doesn't. Notation Erdos(N)

• Pigeon Hole: Put n pigeons in n - 1 pigeon-holes such that each pigeon-hole holds at most one pigeon. The problem is unsatisfiable; for n pigeons and n holes the problem has n! solutions. Notation Pigeon(P,H)

• Schur's lemma: How to distribute N counters numbered from 1 to N into 3 boxes A, B, C in accordance with the following rules:

1) A box can't contain both the counters numbered i and 2*i

2) A box can't contain the counters numbered i, j and i + j

This problem is modeled simply by creating one variable per counter and per box. For $N \le 13$ the problem admits solutions, beyond it doesn't. Notation Schur(N)

• Ramsey's problem: Color the edges of a complete graph on N vertices with k different colors such that no monochromatic triangle appears. Notation Ramsey(N,K)
Table 1: Schur's Lemma and Ramsey's problem, etc.

Problems       SAT   Without symmetry                With symmetry
                     NM      Steps    Times          NSM    Steps         Times
[illegible]    Y     10!     -        [missing]      1      [illegible]   4.11"
Queen(4)       Y     2       76       [missing]      1      [missing]     0.150"
Queen(6)       Y     4       1066     4.13"          2      278           2.150"
Queen(8)       Y     92      17304    1'21"          23     7321          30.53"
Erdos(9)       Y     1356    35732    3'57"          125    [missing]     [illegible]
[illegible]    N     0       2332     6.213"         0      1166          4.56"
Schur(13)      Y     18      2029     5.83"          1      148           1.96"
Schur(14)      N     0       1878     4.17"          0      374           1.517"
Ramsey(5,2)    Y     2       231      0.200"         1      43            0.01"

Table 2: Pigeon-hole problems

Number of pigeons   Clauses   Variables   With symmetries
                                          Steps    Times
14                  1197      182         193      3.21"
16                  1816      240         253      6.83"
18                  2619      306         321      13.11"
20                  3630      380         397      23.04"
22                  4873      462         481      35.29"
24                  6372      552         573      54.73"
26                  8150      650         673      1'20"
28                  10234     756         781      2'15"
30                  12645     870         897      3'34"

6  Related  Work 

Krishnamurty[8] discusses the idea of using symmetries to reduce the length of resolution proofs. He uses a rule of symmetry to avoid repeated independent derivations of intermediate formulas that are permutations of others. His work does not address the problem of detecting symmetries or of using them in search problems.

Benhamou and Sais[1,2] discuss the detection and the use of symmetries in automated deduction methods.

Freuder[5] discusses the elimination of interchangeable values in constraint satisfaction problems.

Also, a theoretical analysis of reasoning by symmetry in first-order logic has been presented in Crawford[3].
7 Conclusion

In this paper, we have shown how global symmetries can be used to obtain a new characterization of the set of models of a given CNF propositional theory. For some problems symmetries give us a way to represent large sets of models.

Also, the results obtained in this paper show the usefulness of global symmetries in the case of checking satisfiability. There are, however, some problems which possess abundant local symmetry. Consequently, in order to increase the tractable classes of problems by using symmetries, it is necessary to combine the two kinds of symmetries.

For the special case of Horn formulas and 2-CNFs, although counting models is #P-complete, we intend to experiment with our algorithm for computing all models on this kind of formula.
Constraint-Generating Dependencies

Abstract

Traditionally, dependency theory has been developed for uninterpreted data. Specifically, the only assumption that is made about the data domains is that data values can be compared for equality. However, data is often interpreted and there can be advantages in considering it as such, for instance obtaining more compact representations as done in constraint databases. This paper considers dependency theory in the context of interpreted data. Specifically, it studies constraint-generating dependencies. These are a generalization of equality-generating dependencies where equality requirements are replaced by constraints on an interpreted domain. The main technical results in the paper are decision procedures for the implication and consistency problems for constraint-generating dependencies. These decision procedures proceed by reducing the dependency problem to a decision problem for the constraint theory of interest, and are applicable as soon as the underlying constraint theory is decidable. Furthermore, complexity results for specific constraint domains can be transferred quite directly to the dependency problem.

CJ*. 165, 1050 Brussels, Belgium. Email:

Address: Institut Montefiore, B38; 4000 Liège Sart-Tilman; Belgium. Email: psSnuBtsriers.Blg.ac.be.

1 Introduction

Relational database theory is largely built upon the assumption of uninterpreted data. While this has advantages, mostly generality, it foregoes the possibility of exploiting the structure of specific data domains. The introduction of constraint databases [KKR90] was a break with this uninterpreted-data trend. Rather than defining the extension of relations by an explicit enumeration of tuples, a constraint database uses constraint expressions to implicitly specify sets of tuples. Of course, for this to be possible in a meaningful way, one needs to consider interpreted data, that is, data from a specific domain on which a basic set of predicates and functions is defined. A typical example of constraint expressions and domain are linear inequalities interpreted on the reals. The potential gains from this approach are in the compactness of the representation (a single constraint expression can represent many, even an infinite number of, explicit tuples) and in the efficiency of query evaluation (computing with constraint expressions amounts to manipulating many tuples simultaneously).

Related developments have concurrently been taking place in temporal databases. Indeed, time values are intrinsically interpreted and this can be exploited for finitely representing potentially infinite temporal extensions. For instance, in [KSW90] infinite temporal extensions are represented with the help of periodicity and inequality constraints, whereas in [CI88, CI89, CI93] and [Bau89, Bau92] deductive rules over the integers are used for the same purpose. Constraints have also been used recently for representing incomplete temporal information [vdM92, Kou92, Kou93].
If one surveys the existing work on databases with interpreted data and implicit representations, one finds contributions on the expressiveness of the various representation formalisms [Bau, BNW91, BCW93], on the complexity of query evaluation [Cho90, CM90, Rev90, vdM92], and on data structures and algorithms to be used in the representation of constraint expressions and in query evaluation [FVP92, Sri92, BJM93, BLL93, KRW93]. However, much less has been done on extending other parts of traditional database theory, for instance schema design and dependency theory. It should be clear that dependency theory is of interest in this context. For instance, in [JS92], one finds a taxonomy of dependencies that are useful for temporal databases. In [GH83, GH86, IO93, ZO93], one finds a study of integrity constraints over databases with ordered domains, which can be viewed as constraint-generating dependencies.

One might think that the study of dependency theory has been close to exhaustive. While this is largely so for dependencies over uninterpreted data (that is, the context in which data values can only be compared for equality) [Tha91], the situation is quite different for dependencies over data domains with a richer structure. The subject of this paper is the theory of these interpreted dependencies.

Specifically, we study the class of constraint-generating dependencies. These are the generalization of equality-generating dependencies [BV84], allowing arbitrary constraints on the data domain to appear wherever the latter only allow equalities. For instance, a constraint-generating dependency over an ordered domain can specify that if the value of an attribute A in a tuple $t_1$ is less than the value of the same attribute in a tuple $t_2$, then an identical relation holds for the values of an attribute B. This type of dependency can express a wide variety of constraints on the data. For instance, most of the temporal dependencies appearing in the taxonomy of [JS92] are constraint-generating dependencies.

Our technical contributions address the implication and the consistency¹ problems for constraint-generating dependencies. The natural approach to these problems is to write the dependencies as logical formulas. Unfortunately, the resulting formulas are not just formulas in the theory of the data domain. Indeed, they also contain uninterpreted predicate symbols representing the relations and thus are not a priori decidable, even if the data domain theory is decidable.

To obtain decision procedures, we show that the predicate symbols can be eliminated. Since the predicate symbols are implicitly universally quantified, this can be viewed as a form of second-order quantifier elimination. It is based on the fact that it is sufficient to consider relations with a small finite number of tuples. This then allows quantifier elimination by explicit representation of the possible tuples. The fact that one only needs to consider a small finite number of tuples is analogous to the fact that the implication problem for functional dependencies can be decided over 2-tuple relations [Mai83]. Furthermore, for pure functional dependencies, our quantifier elimination procedure yields exactly the usual reduction to propositional logic. For more general constraint dependencies, it yields a formula in the theory of the data domain. Thus, if this theory is decidable, the implication and the consistency problems for constraint-dependencies are also decidable.

The complexity of the decision procedure depends on the specific data domain being considered and on the exact form of the constraint dependencies. We consider three typical constraint languages: equalities/inequalities, ordering constraints, and linear arithmetic constraints. We give a variety of complexity results for the implication problem of dependencies over these theories and show the impact of the form of the dependencies on tractability.


¹ Though consistency is always satisfied for equality-generating dependencies, more general constraints turn it into a nontrivial problem.
2 Constraint-Generating Dependencies

Consider a relational database where some attributes take their values in specific domains, such as the integers or the reals, on which a set of predicates and functions are defined. We call such attributes interpreted. For the simplicity of the presentation, let us assume that the database only contains one (universal) relation $r$ and let us ignore the noninterpreted attributes. In this context, it is natural to generalize the notion of equality-generating dependency [BV84]. Rather than specifying the propagation of equality constraints, we write similar statements involving arbitrary constraints (i.e., arbitrary formulas in the theory of the data domain). Specifically, we define constraint-generating k-dependencies as follows (the constant k specifies the number of tuples the dependency refers to).

Definition 2.1 Given a relation $r$, a constraint-generating k-dependency over $r$ (with $k \ge 1$) is a first-order formula of the form

$$(\forall t_1) \cdots (\forall t_k)\, [[r(t_1) \wedge \cdots \wedge r(t_k) \wedge C[t_1, \ldots, t_k]] \Rightarrow C'[t_1, \ldots, t_k]]$$

where $C[t_1, \ldots, t_k]$ and $C'[t_1, \ldots, t_k]$ denote arbitrary constraint formulas relating the values of various attributes in the tuples $t_1, \ldots, t_k$. There are no restrictions on these formulas, they can include all constructs of the constraint theory under consideration, including quantification on the constraint domain.

Constraint-generating 1-dependencies as well as constraint-generating 2-dependencies are the most common. Notice that functional dependencies are a special form of constraint-generating 2-dependencies. Constraint-generating dependencies can naturally express a variety of arithmetic integrity constraints. The following examples illustrate their definition and show some of their potential applications.


Example 2.1 In [JS92], an exhaustive taxonomy of dependencies that can be imposed on a temporal relation is given. Of the more than 30 types of dependencies that are defined there, all but 4 can be written as constraint-generating dependencies. These last 4 require a generalization of tuple-generating dependencies [BV84] (see Section 5).

For instance, let us consider a relation $r(tt, vt)$ with two temporal attributes: transaction time ($tt$) and valid time ($vt$). The property of $r$ being "strongly retroactively bounded" with bound $c \ge 0$ is expressed as the constraint-generating 1-dependency

$$(\forall t_1)[r(t_1) \Rightarrow [(t_1[tt] \le t_1[vt] + c) \wedge (t_1[vt] \le t_1[tt])]].$$

The property of $r$ being "globally nondecreasing" is expressed as the constraint-generating 2-dependency

$$(\forall t_1)(\forall t_2)[[r(t_1) \wedge r(t_2) \wedge (t_1[tt] < t_2[tt])] \Rightarrow (t_1[vt] \le t_2[vt])].$$ ■

Example 2.2 Let us consider a relation emp(name, boss, salary). Then the fact that an employee cannot make more than her boss is expressed as

$$(\forall t_1)(\forall t_2)[[emp(t_1) \wedge emp(t_2) \wedge (t_1[boss] = t_2[name])] \Rightarrow (t_1[salary] \le t_2[salary])].$$ ■

3 Decision Problems for Constraint-Generating Dependencies

The basic decision problems for constraint-generating dependencies are:

• implication: does a finite set of dependencies $D$ imply a dependency $d_0$?

• consistency: does a finite set of dependencies $D$ have a non-trivial model, that is, is $D$ true in a nonempty relation?
The first problem is a classical problem of database theory. Its practical motivation comes from the need to detect redundant dependencies, that is, those that are implied by a given set of dependencies. The second problem has a trivial answer for uninterpreted dependencies: every set of equality- and tuple-generating dependencies has a 1-element model. However, even a single constraint-generating dependency may be inconsistent, as illustrated by $(\forall t)[r(t) \Rightarrow t[1] < t[1]]$. We only study the implication problem since the consistency problem is its dual: a set of dependencies $D$ is inconsistent if and only if $D$ implies a dependency of the form:

$$(\forall t)[r(t) \Rightarrow C]$$

where $C$ is any unsatisfiable constraint (we assume the existence of at least one such unsatisfiable constraint formula).

The result we prove in this section is that the implication problem for constraint-generating dependencies reduces to the unsatisfiability problem for a formula in the underlying constraint theory. Specific dependencies and theories will be considered in Section 4, and the corresponding complexity results provided. The reduction proceeds in three steps. First, we prove that the implication problem is equivalent to the implication problem restricted to finite relations of bounded size. Second, we eliminate from the implication to be decided the second-order quantification (over relations). Third, we eliminate the first-order quantification (over tuples) from the dependencies themselves and replace it by quantification over the domain - a process that we call symmetrization. This gives us the desired result.

3.1 Statement of the Problem and Notation

Let $r$ denote a relation with $n$ interpreted attributes. Let $d_0, d_1, \ldots, d_m$ denote constraint-generating k-dependencies over the attributes of $r$. The value of $k$ need not be the same for all $d_j$'s. We denote by $k_0$ the value of $k$ for $d_0$.

The dependency implication problem consists in deciding whether $d_0$ is implied by the set of dependencies $D = \{d_1, \ldots, d_m\}$. In other words, it consists in deciding whether $d_0$ is satisfied by every interpretation that satisfies $D$, which can be formulated as

$$(\forall r)[r \models D \Rightarrow r \models d_0], \qquad (1)$$

where $D$ stands for $d_1 \wedge \cdots \wedge d_m$. We equivalently write formula (1) as

$$(\forall r)[D(r) \Rightarrow d_0(r)]$$

when we wish to emphasize the fact that the dependencies apply to the tuples of $r$.

3.2  Towards  a  Decision  Procedure 

3.2.1 Reduction to k-tuple Relations

We first prove that, when dealing with constraint-generating k-dependencies, it is sufficient to consider relations of size² $k$.

Lemma 3.1 Let $d$ denote any constraint-generating k-dependency. If a relation $r$ does not satisfy $d$, then there is a relation $r'$ of size $k$ that does not satisfy $d$. Furthermore, $r'$ is obtained from $r$ by removing and/or duplicating tuples.

Proof: Let us assume that $r$ does not satisfy the k-dependency $d$, which is of the form

$$(\forall t_1) \cdots (\forall t_k)\, [[r(t_1) \wedge \cdots \wedge r(t_k) \wedge C[t_1, \ldots, t_k]] \Rightarrow C'[t_1, \ldots, t_k]].$$

This means that there must exist $k$ tuples $t_1, \ldots, t_k$ in $r$ such that $C[t_1, \ldots, t_k]$ holds and $C'[t_1, \ldots, t_k]$ does not hold. Take $r'$ to be the relation consisting of these tuples. Notice that these tuples are not necessarily distinct, but we do keep duplicate tuples in $r'$ so that it is of size exactly $k$. Clearly $r'$ does not satisfy $d$. ■

² In what follows, we consider relations as multisets rather than sets. This has no impact on the implication problem, but simplifies our procedure.
Lemma 3.2 If a relation $r$ satisfies a set of constraint-generating k-dependencies $D = \{d_1, \ldots, d_m\}$ and does not satisfy a constraint-generating $k_0$-dependency $d_0$, then there is a relation $r'$ of size $k_0$ that satisfies $D$ but does not satisfy $d_0$.

Proof: Let us assume that $r$ satisfies $D$ and does not satisfy $d_0$. Since $r$ does not satisfy $d_0$, we can conclude by Lemma 3.1 that there exists a relation $r'$ of size $k_0$ that does not satisfy $d_0$. Since $r$ satisfies $D$, this relation $r'$ also satisfies $D$. Indeed, $r'$ is obtained from $r$ by eliminating and duplicating tuples from $r$ (Lemma 3.1), and this cannot falsify the constraint-generating dependencies of $D$, which are universally quantified formulas over tuples. Therefore, there is a relation $r'$ of size $k_0$ that satisfies $D$ but not $d_0$. ■


Theorem 3.3 Consider an instance $(D, d_0)$ of the dependency implication problem where $d_0$ is a constraint-generating $k_0$-dependency. The dependency $d_0$ is implied by $D$ over all relations if and only if it is implied by $D$ over relations of size $k_0$. In other words,

$$(\forall r)[r \models D \Rightarrow r \models d_0]$$

if and only if

$$(\forall r')[|r'| = k_0 \Rightarrow [r' \models D \Rightarrow r' \models d_0]].$$

Proof: One direction is trivial. For the other, assume that the implication is satisfied by all relations of size $k_0$. First, it is satisfied by all relations of size less than $k_0$ since such a relation can be transformed into a relation of size $k_0$ by duplicating tuples. Next, it must be satisfied by all relations of size greater than $k_0$. Indeed, let us assume that one such relation $r$ does not satisfy the implication, that is, $r \models D$, but $r \not\models d_0$. Then, by Lemma 3.2, there must exist a relation of size $k_0$ that satisfies $D$ but not $d_0$ - a contradiction. ■


3.2.2 Second-order Quantifier Elimination

By Theorem 3.3, in order to decide the implication problem, we just need to be able to decide this problem over relations of size $k$ for a given $k$. Deciding the implication (1) thus reduces to deciding

$$(\forall r')[[|r'| = k \wedge D(r')] \Rightarrow d_0(r')]. \qquad (2)$$

Let $r' = \{t_{x_1}, \ldots, t_{x_k}\}$ denote an arbitrary relation of size $k$ where $t_{x_1}, \ldots, t_{x_k}$ are arbitrary tuples. We can eliminate the (second-order) quantification over relations from the implication (2) and replace it with a quantification over tuples (that is, over vectors of elements of the domain). We get

$$(\forall t_{x_1}) \cdots (\forall t_{x_k})\, [D(\{t_{x_1}, \ldots, t_{x_k}\}) \Rightarrow d_0(\{t_{x_1}, \ldots, t_{x_k}\})]. \qquad (3)$$

3.2.3 Symmetrization

In this section, we simplify the formula (3), whose validity is equivalent to the constraint dependency implication problem, by eliminating the quantification over tuples that appears in the dependencies. We refer to this quantifier elimination procedure for dependencies as symmetrization. For the sake of clarity, we present the details of the symmetrization process for the case where $k = 2$. The process can be generalized directly to the more general case.

For the case where $k = 2$, the formula (3) to be decided is the following.

$$(\forall t_x)(\forall t_y)\, [D(\{t_x, t_y\}) \Rightarrow d_0(\{t_x, t_y\})].$$

We can simplify this formula further by eliminating the quantification over tuples that appears in the dependencies $d(\{t_x, t_y\})$ in $D \cup \{d_0\}$. Every such dependency $d(\{t_x, t_y\})$ can indeed be rewritten as a constraint formula $cf(d)$ in the following manner.
1. Let $d$ be a 1-dependency, that is, $d$ is of the form $(\forall t)[[r'(t) \wedge C[t]] \Rightarrow C'[t]]$. This dependency considered over $r' = \{t_x, t_y\}$ is equivalent to the constraint formula

$$cf(d) : [C[t_x] \Rightarrow C'[t_x]] \wedge [C[t_y] \Rightarrow C'[t_y]],$$

which is a conjunction of $k = 2$ constraint implications. Notice that the $t_x$ and $t_y$ appearing in this formula are just tuples of variables ranging over the domain of the constraint theory of interest.

2. Let $d$ be a 2-dependency, that is, $d$ is of the form

$$(\forall t_1)(\forall t_2)[[r'(t_1) \wedge r'(t_2) \wedge C[t_1, t_2]] \Rightarrow C'[t_1, t_2]].$$

This dependency considered over $r' = \{t_x, t_y\}$ is equivalent to the constraint formula

$$cf(d) : [C[t_x, t_y] \Rightarrow C'[t_x, t_y]] \wedge [C[t_y, t_x] \Rightarrow C'[t_y, t_x]] \wedge [C[t_x, t_x] \Rightarrow C'[t_x, t_x]] \wedge [C[t_y, t_y] \Rightarrow C'[t_y, t_y]],$$

which is a conjunction of $k^2 = 4$ constraint implications.

The rewriting of $d$ as $cf(d)$ is what we call the symmetrization of $d$, for rather obvious reasons. It extends directly to any value of $k$. Notice that for a given $k$, any j-dependency $d$ is rewritten as a constraint formula $cf(d)$, which is a conjunction of $k^j$ constraint implications. Interestingly, in the case of functional dependencies, symmetrization is not needed. This is due to the fact that the underlying constraints are equalities, which are already symmetric. Hence, in that case as well as in any other case of symmetric constraints, symmetrization would produce several instances of the same constraint formulas.

Applying the symmetrization process to all the dependencies appearing in the formula (3), we get

$$(\forall t_{x_1}) \cdots (\forall t_{x_k})\, [cf(d_1) \wedge \cdots \wedge cf(d_m) \Rightarrow cf(d_0)]. \qquad (4)$$


Notice that in formula (4), each tuple variable can be replaced by $n$ domain variables, and thus the quantification over tuples can be replaced by a quantification over elements of the domain. For the sake of clarity, we simply denote by $(\forall *)$ the adequate quantification over elements of the domain (the universal closure). Formula (4) thus becomes

$$(\forall *)\, [cf(d_1) \wedge \cdots \wedge cf(d_m) \Rightarrow cf(d_0)], \qquad (5)$$

where each $cf(d)$ is a conjunction of $k^j$ constraint implications if $d$ is a j-dependency and $d_0$ is a k-dependency. Thus, we have reduced the implication problem to the validity of a universally quantified formula of the constraint theory.

Example 3.1 Let us consider the following constraint-generating 2-dependencies over a relation $r$ with a single attribute.

$d_1 : (\forall x)(\forall y)\ r(x) \wedge r(y) \Rightarrow x \le y$
$d_2 : (\forall x)(\forall y)\ r(x) \wedge r(y) \Rightarrow x = y$

Symmetrizing them produces the following constraint formulas.

$cf(d_1) : x \le y \wedge y \le x \wedge x \le x \wedge y \le y$
$cf(d_2) : x = y \wedge y = x \wedge x = x \wedge y = y$

It is clear that these two constraint formulas are equivalent, as they should be. ■
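The three-step reduction of this section can be run directly for order constraints. The following is an added sketch, not code from the paper: the representation of a dependency as a triple and the names `cf`, `implies`, `consistent` and `order_dep` are assumptions made here, and the constraints are restricted to comparisons (=, <, ≤) between attribute values with no constants and no quantifiers, so that formula (5) can be decided by enumerating every relative ordering of its domain variables.

```python
from itertools import product

# A dependency is (k, c, c2): it quantifies over k tuples, with antecedent
# constraint c and consequent constraint c2 given as Python predicates over
# k attribute tuples. Assumption of this sketch: c and c2 only compare
# attribute values with =, !=, <, <= (no constants, arithmetic, quantifiers).


def cf(dep, rel):
    """Symmetrization of dep over the fixed relation rel: the conjunction of
    [c => c2] over all len(rel)**k ways of choosing k tuples from rel."""
    k, c, c2 = dep
    return all((not c(*pick)) or c2(*pick) for pick in product(rel, repeat=k))


def implies(deps, d0, n_attrs):
    """Decide D |= d0. Returns (True, None) or (False, counterexample r')."""
    k0 = d0[0]                   # Theorem 3.3: relations of size k0 suffice
    n_vars = k0 * n_attrs        # one domain variable per attribute of r'
    # Order constraints only see the relative order of the n_vars values, and
    # every such ordering (ties included) occurs among values in 0..n_vars-1.
    for values in product(range(n_vars), repeat=n_vars):
        rel = [values[i * n_attrs:(i + 1) * n_attrs] for i in range(k0)]
        if all(cf(d, rel) for d in deps) and not cf(d0, rel):
            return False, rel    # formula (5) fails under this valuation
    return True, None


def consistent(deps, n_attrs):
    """D is inconsistent iff it implies (forall t)[r(t) => C], C unsatisfiable."""
    falsum = (1, lambda t: True, lambda t: False)
    return not implies(deps, falsum, n_attrs)[0]


def always(*_):
    """Empty antecedent constraint."""
    return True


# Example 3.1: two 2-dependencies over a single attribute.
D1 = (2, always, lambda x, y: x[0] <= y[0])
D2 = (2, always, lambda x, y: x[0] == y[0])


def order_dep(src, dst):
    """Constructed 2-dependency: s[src] < t[src] forces s[dst] < t[dst]."""
    return (2, lambda s, t: s[src] < t[src], lambda s, t: s[dst] < t[dst])


A, B, C = 0, 1, 2                # attribute positions (constructed schema)
AB, BC, AC, BA = (order_dep(A, B), order_dep(B, C),
                  order_dep(A, C), order_dep(B, A))

# The inconsistent 1-dependency of Section 3: (forall t)[r(t) => t[1] < t[1]].
BAD = (1, lambda t: True, lambda t: t[0] < t[0])

if __name__ == "__main__":
    print("d1 |= d2:", implies([D1], D2, 1)[0])
    print("d2 |= d1:", implies([D2], D1, 1)[0])
    print("{AB, BC} |= AC:", implies([AB, BC], AC, 3)[0])
    print("{AB} |= BA:", implies([AB], BA, 3))
    print("consistent:", consistent([D1], 1), consistent([BAD], 1))
```

When the implication fails, the returned relation of size $k_0$ is a concrete counterexample that satisfies $D$ and violates $d_0$.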

4  Complexity  Results 

In order to study the complexity of the implication problem for constraint-generating dependencies, we first make the assumption that the constraint formulas appearing in these dependencies are conjunctions of atomic constraints. This assumption is satisfied by all the examples of interest. Without loss of generality, we also assume that the consequents of dependencies are atomic. We call such simpler dependencies clausal constraint-generating dependencies. Moreover, we assume that the constraint language is closed under negation.
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Simple  transformations  demonstrate  that  for 
clausal  dependencies  the  implication  problem  can 
be  expressed  as  the  unsatishability  of  a  formula 
of  the  following  form: 

$(\exists *)\ \Big[ \bigwedge_i \Big( \bigvee_j c_{ij} \Big) \Big]$

where each $c_{ij}$ is an atomic formula. When
$|D| = m$ and $d_0$ is a $k$-dependency, the number
of conjuncts in the formulas above is at most
equal to $m \cdot k^k$ plus the number of constraints in
$d_0$. Thus deciding the validity of the implication
problem for $k$-dependencies ($k$ fixed) can be done
by checking the unsatisfiability of a fixed number
of conjunctive normal form constraint formulas
of length that is linear in the size of $D \cup \{d_0\}$.
The opposite LOGSPACE reduction also exists.

Given  the  above  reductions,  we  obtain  several 
complexity  results  for  the  implication  problem  for 
specific  constraint  languages.  Assuming  that  k  is 
fixed,  we  have  the  following. 

Theorem 4.1 For constraints in the theory of
equality and order over the integers or the reals,
the implication problem for clausal constraint-generating
k-dependencies is:

• in PTIME for dependencies with one atomic
constraint (no constraints in the antecedent)
[Ull89, page 892],

•  co-NP-complete  for  dependencies  with  two 
or  more  atomic  constraints, 

under  the  assumption  that  no  domain  constants 
appear  in  the  dependencies. 

It is interesting to note that in the second case
equalities and inequalities suffice to obtain the
co-NP lower bound. Notice that the corresponding
propositional problem, 3SAT, requires three
literals per clause. Also, for finite domains of size
greater than 2 the implication problem is co-NP-complete
even for dependencies with one atomic
constraint.

We consider now linear arithmetic constraints,
i.e., atomic constraints of the form

$a_1 x_1 + \cdots + a_k x_k \le a$

(domain constants are allowed here). We can use
here the results about the complexity of linear
programming [Sch86].

Theorem 4.2 For linear arithmetic constraints
the implication problem for clausal constraint-generating
k-dependencies with one atomic constraint
per dependency is:

•  in  PTIME  for  the  reals, 

•  co-NP-complete  for  the  integers. 

To  obtain  more  tractable  classes,  we  propose 
to  restrict  further  the  syntax  of  dependencies  by 
typing.  A  clausal  dependency  is  typed  if  each 
atomic  constraint  involves  only  the  values  of  one 
given  attribute  in  different  tuples.  The  second 
dependency  in  Example  2.1  is  typed,  while  the 
first  one  and  the  one  in  Example  2.2  are  not. 

We  have  then  the  following. 

Theorem  4.3 

The implication problem for typed clausal
constraint-generating 2-dependencies is:

• in PTIME for dependencies with at most two
atomic constraints in the theory of equality
over the integers or the reals,

• in PTIME for dependencies with at most
two atomic constraints in the theory of order
over the integers or the reals,

•  co-NP-complete  for  dependencies  with  two 
or  more  atomic  constraints  in  the  theory  of 
equality  and  order  over  the  integers  or  the 
reals, 

under  the  assumption  that  no  domain  constants 
appear  in  the  dependencies. 

Note that the first result is different from the
well-known result about linear-time implication
for functional dependencies. Functional dependencies
viewed as constraint-generating dependencies
allow only equality constraints which are
not closed under negation. Moreover, constraint-generating
dependencies with two constraints in
the body correspond to unary functional dependencies.

5 Conclusions and Related Work

A brief summary of this paper is that constraint-generating
dependencies are an interesting concept,
and that deciding implication of such dependencies
is basically no harder than deciding
the underlying constraint theory, which, a priori,
was not obvious. We have only given a sample
of complexity results for common constraint theories.
It is clear that this is far from exhaustive
and that, depending on the application, other
constraint languages might also be relevant, for
instance the congruence constraints that appear
in [JS92].

Other forms of constraint dependencies can
also be of interest. An obvious candidate is
the concept of tuple-generating constraint dependency.
Unfortunately, the implication problem
for these dependencies is harder to decide and
more closely linked to the underlying theory. Indeed,
tuple-generating constraint dependencies
can, for example, specify a dense domain. The
obvious applications of constraint-generating dependencies
are constraint database design theory
and consistency checking.

As far as related work, we should first mention
that Jensen and Snodgrass [JS92] induced
us to think about constraint dependencies. We
should note that the integrity constraints postulated
there involve both typed and untyped
constraint-generating dependencies, as well as
tuple-generating ones.

Also, two recent papers on implication constraints
by Ishakbeyoglu, Ozsoyoglu and Zhang
[IO93, ZO93] present work fairly close to ours.
However, there are several important differences.
Foremost, they consider a fixed language of constraint
formulas, namely equality (=), inequality
(≠), and order (<, ≤) constraints, while our results
are applicable to any decidable constraint
theory thanks to our general reduction strategy.
Second, their complexity results are obtained in
a slightly different model. They consider both
the number of database literals and the arity of
relations in a dependency as parts of the input,
while we consider only the latter. We think that
our model is more intuitive because it is difficult
to come up with a meaningful dependency
that references more than a few tuples in a relation.
Our intractability results are stronger
than theirs, while our positive characterizations
of polynomial time decidable problems do not
necessarily carry over to their framework. Also,
in [IO93, ZO93], the tractable classes of dependencies
are not defined syntactically but rather
by the presence or absence of certain types of
refutations.

Order dependencies, proposed by Ginsburg
and Hull [GH83, GH86], are typed clausal
2-dependencies over the theory of equality and order
(without ≠). The order is not required to
be total. Ginsburg and Hull provided an axiomatization
of such dependencies and proved
that the implication problem is co-NP-complete
for dependencies with at least three constraints.
This does not subsume any of our results. They
also provided a number of tractable dependency
classes which are, again, different from ours.

1 Introduction

Object-oriented  database  (OODB)  systems  will,  most  probably,  have  a  significant  role  to  play  in  the  next 
generation  of  commercial  database  systems.  While  OODB  systems  have  a  sophisticated  collection  of  features 
for  data  modeling,  current-day  OODB  systems  provide  little  or  no  support  for  representing  and  manipulating 
partially  specified  information.  Very  often,  however,  the  knowledge  that  we  would  like  to  represent  in  a  database 
is  incomplete. 

For example, assume that an OODB is used to represent knowledge about plays and playwrights. If Shakespeare’s
year of birth were known to be 1564, this could be represented easily in the database. However, historians
do not have complete information about playwrights such as Shakespeare; they have only estimates of his date of
birth and when he wrote his various plays; occasionally these estimates are refined reflecting the results of new
research. Partial information about Shakespeare’s year of birth can be represented naturally as a conjunction
of constraints, Shakespeare.Year_of_birth > 1560 ∧ Shakespeare.Year_of_birth < 1570. As another example, an
image from a weather satellite may allow a meteorologist to estimate the location of the eye of a hurricane only
to within a small region, rather than know it precisely. Both these examples illustrate the use of existential
constraints in the database; Shakespeare was born in some specific year within the range described, and the eye
of the hurricane is at some specific location within the region.

Constraints can be used also to represent compactly (possibly infinite) sets of fully specified values. For
example, electronic components typically have certain tolerances for voltage and frequency inputs, i.e., these
components would work properly for all voltage and frequency inputs within the specified tolerances. A natural
representation of such a set of acceptable voltage inputs is a conjunction of universal constraints, CDPlayer.Voltage
> 108 ∧ CDPlayer.Voltage < 117.

One of the contributions of this paper is to identify these two distinct uses of constraints in data models:
to represent partially specified values and to compactly represent sets of fully specified values. The former use
is related to the notion of store-as-constraint (see [Sar89], for instance), whereas the latter use is similar to the
notion of a constraint fact as a finite presentation (see [BNW91, KKR90, KG94, Ram91, Rev93], for instance).

The technical contributions of this paper are as follows:

• We describe how an object-based data model can be enhanced with (existential) constraints to represent
naturally partially specified information (Section 2). We refer to this as the Constraint Object Data Model
(CODM).

• We present a declarative, rule-based, language that can be used to reason with information represented in
the CODM. We refer to this as the Constraint Object Query Language (COQL) (Section 3). COQL has
a model-theoretic and an equivalent fixpoint semantics, based on the notions of constraint entailment and
“truth in all possible worlds”.

One of the novel features of COQL is the notion of monotonic refinement of partial information in object-based
databases.

• We present a novel polynomial-time algorithm for quantifier elimination for a restricted class of set constraints
that uses ∈ and ⊆. We refer to this class as set-order constraints. The quantifier elimination
algorithm can also be used to check satisfiability and entailment of conjunctions of set-order constraints in
polynomial time.

Both  the  constraint  object  data  model  and  the  constraint  object  query  language  are  easily  extended  to 
compactly  represent  sets  of  fully  specified  values  using  universal  constraints,  and  manipulate  such  values  using 
a  declarative,  rule-based  language,  following  the  approach  of  [KKR90,  Ram91].  For  reasons  of  space,  we  do  not 
pursue  this  further  in  the  paper. 

Integration of constraints with objects has also been considered by Freeman-Benson and Borning ([FBB92a,
FBB92b]). Their work differs from ours in that their languages, Kaleidoscope’90 and Kaleidoscope’91, are imperative
languages using the Von Neumann memory model. We are interested in the incorporation of constraints
into objects in a more declarative setting.

This  paper  is  based  on  work  in  progress,  and  the  various  ideas  are  motivated  primarily  through  examples. 


2  Constraint  Object  Data  Model 

First,  we  need  to  understand  the  notions  of  a  fact  and  an  object.  A  fact  is  a  tuple  of  typed  attribute/value 
pairs;  this  is  well-accepted  in  the  literature.  Unfortunately,  there  appears  to  be  little  consensus  in  the  literature 
on  answering  the  question  “What  is  an  object?”.  Hence,  we  (deliberately)  use  a  simple  and  very  general  notion 
of  an  object,  which  is  consistent  with  many  of  the  object-based  data  models  in  the  literature. 

We  treat  an  object  as  consisting  of  an  object  identifier  (oid)  and  a  tuple  of  typed  attribute/value  pairs.  Thus, 
an  object  differs  from  a  fact  only  in  that  it  has  an  object  identifier.  An  object  identifier  uniquely  specifies 
an  object,  i.e.,  no  two  objects  can  have  the  same  object  identifier.  Hence,  an  object  identifier  can  be  used  to 
distinguish  an  object  from  other  objects  in  the  database,  and  can  serve  as  a  handle  for  updating  the  attribute 
values  without  changing  the  identity  of  the  object.  We  do  not  make  any  assumptions  about  the  domains  of  the 
attributes  of  objects  (or  of  facts);  these  could  be  primitive  types,  tuple  types,  set  types,  user-defined  classes,  etc. 
Our  view  of  an  object  thus  far  is  fairly  standard;  for  instance,  it  is  consistent  with  the  view  of  [AK89]. 

The Constraint Object Data Model (CODM) incorporates both facts and objects, but relaxes the restriction
that the “value” of an attribute must be a constant of the appropriate type; domain-specific constraints can
be used to represent partial information about the value of an attribute. Such attributes are referred to as
E-attributes. (Attributes whose values are completely known can be modeled also as E-attributes with sufficiently
tight constraints.) In the examples discussed in the paper, the domain of an E-attribute is either the integers or
sets of objects.

Conceptually, all the constraints on E-attributes of facts and objects are maintained globally. This allows
for specification of inter-object constraints, which are very useful in many situations. However, in many of the
examples discussed in the paper it suffices to associate constraints with the objects whose E-attributes they
constrain; when possible, we depict the constraints in this fashion for ease of understanding.

As  is  common  in  the  literature,  we  assume  that  facts  in  the  database  are  grouped  together  into  relations,  and 
objects  in  the  database  are  grouped  together  into  classes.  Classes  can  be  organized  into  an  inheritance  hierarchy; 
however,  this  is  orthogonal  to  our  discussion,  and  we  do  not  deal  with  inheritance  in  this  paper. 

We motivate the modeling power of our constraint object data model using an example.

Example 2.1 (Playwrights and Plays)

There are two classes of objects in the database: playwrights and plays. Partial information is represented
about the year of composition of the plays, the writers of the plays, and the year of birth of the playwrights.

playwrights

Oid    Name          Year_of_birth
oid1   Shakespeare
oid2   Fletcher
oid3   Kalidasa

The constraints associated with each object are existential constraints in that the value of the E-attribute is
some unique value from the domain satisfying these constraints. Note that there is no information on Fletcher’s
year of birth, which is equivalent to stating that Fletcher could have been born in any year.


Oid     Name         Writers     Year_of_composition   Constraints
oid10   Othello      { oid1 }    y10                   (y10 < 1605 ∧ y10 > 1601) ∨
                                                       (y10 < 1598 ∧ y10 > 1595)
oid11   Macbeth      { oid1 }    y11                   y11 < 1608 ∧ y11 > 1604
oid12   Henry VIII   S1          y12                   y12 < 1613 ∧ y12 > 1608 ∧
                                                       oid2 ∈ S1 ∧ S1 ⊆ { oid1, oid2 }
oid13   Meghdoot     { oid3 }    y13                   y13 < 1050

The form of the constraints allowed depends on the types of the E-attributes. The Year_of_birth and the
Year_of_composition E-attributes are of type integer, and hence they are constrained using arithmetic constraints
over integers. For example, the constraint on the Year_of_composition attribute of oid10 indicates that Othello
was composed either between the years 1601 and 1605 or between 1595 and 1598.

Similarly, the Writers E-attribute of plays is of type set of playwrights and it is constrained using set constraints
⊇, ⊆, ∈. For example, the constraint on the Writers attribute of oid12 indicates that either Fletcher is the
sole writer of Henry VIII, or Fletcher and Shakespeare are joint writers of that play. Note that this represents
partial information on the set of playwrights. □

A key feature of the Constraint Object Data Model is that the constraints that the CODM allows are first-order,
i.e., the names and types of the attributes are fixed for each fact and object. The CODM does not permit
the names and/or the types of attributes to be partially specified using constraints; only the values of these
attributes can be partially specified using constraints.

In  general,  constraints  can  be  incorporated  into  any  existing  data  model  (e.g.,  relational,  nested  relational, 
object-oriented)  and  the  resulting  constraint  data  model  can  be  used  to  represent  partially  specified  information, 
or  compactly  represent  sets  of  fully  specified  values.  We  do  not  discuss  this  point  further  in  this  paper. 


3  Constraint  Object  Query  Language 

We present the declarative Constraint Object Query Language (COQL) that can be used to reason with facts
and objects in the constraint object data model. A COQL program is a collection of rules similar to Horn rules,
where each rule has a body and a head. The body of a rule is a conjunction of literals and constraints, and
the head of the rule can be either a positive literal or a constraint. COQL allows arbitrary constraints, not just
conjunctions of primitive constraints, to occur in the bodies and heads of program rules. However, we do not
allow any constraints in rule bodies that can manipulate the “ranges” of possible values of E-attributes; this can
result in a non-monotonic behavior of the rules, which makes the semantics hard to define.

3.1 COQL: Inferring New Relationships

A COQL program can be used to infer new relationships (as facts) between existing objects and facts. Object-creating
proposals (e.g., [KKS92]) also allow new relationships to be created as objects. For simplicity, we
assume that COQL rules do not create new objects; this condition can be checked syntactically by having a
safety requirement, that any object identifier appearing in the head of a COQL rule also appears in a body
literal of that rule. Our results are orthogonal to object-creating proposals, and can be combined with them in
a clean fashion.

We now present some simple queries to motivate the inferring of new relationships using COQL rules.

Example 3.1 (Selection)

Consider the database of plays and playwrights from Example 2.1. Suppose we want to know the names of all
playwrights born before the year 1700. The following rule seems to express this intuition, using the dot notation
for accessing object attributes:

q1 (P.Name) :- playwrights (P), P.Year_of_birth < 1700.

If the years of birth of all the playwrights in the database are completely specified, answering this query is
straightforward. In the presence of partial information about the years of birth of the playwrights, there are two
possible semantics that can be used to answer this query.

• Truth in at least one possible world.

Under this semantics, a playwright “satisfies” the query if at least one assignment of fully specified values
to the Year_of_birth attribute of the playwright, consistent with the object constraints, satisfies the query.
All three playwrights, Shakespeare, Fletcher and Kalidasa would be retrieved as answers to the query under
this semantics. Shakespeare could have been born in 1564, Fletcher in 1600 and Kalidasa in 975; these
values are consistent with the constraints on the object attributes.

To compute this answer set to the query, we need to check satisfiability of the conjunction of constraints
present in the object and the constraints present in the query. For example, the conjunction of constraints
oid3.Year_of_birth < 1000 ∧ oid3.Year_of_birth < 1700 (where oid3 is the identifier of the object representing
Kalidasa) is satisfiable in the domain of integers.

• Truth in all possible worlds.

Under this semantics, a playwright “satisfies” the query if every assignment of a fully specified value to the
Year_of_birth attribute of the playwright, consistent with the object constraints, satisfies the query. Only
Shakespeare and Kalidasa would be retrieved as answers to the query under this semantics. Fletcher could
have been born in 1800; this value is consistent with the constraints on the object attributes, while being
inconsistent with the query constraints.

To compute this answer set to the query, we need to check that the constraints present in the objects entail
(i.e., imply) the query constraints. For example, the conjunction of object constraints oid1.Year_of_birth <
1570 ∧ oid1.Year_of_birth > 1560 entails the (instantiated) query constraint oid1.Year_of_birth < 1700 (where
oid1 is the identifier of the object representing Shakespeare) in the domain of integers. However, the object
constraints associated with Fletcher do not entail the (instantiated) query constraint oid2.Year_of_birth
< 1700 (where oid2 is the identifier of the object representing Fletcher) in the domain of integers.

These alternative semantics are closely related to the semantics of Imielinski et al. [INV91] for OR-objects; we
do not elaborate on these relationships in the paper for lack of space. □

Example 3.2 (Equijoin)

Suppose we want to know the names of all plays written in the same year as Macbeth. The following rule seems
to express this intuition:

q2 (P.Name) :- plays (P), plays (P1), P1.Name = "Macbeth",
P.Year_of_composition = P1.Year_of_composition.

If the years of composition of all the plays in the database are completely specified, answering this query is
straightforward. In the presence of partial information, there are again two ways in which this query can be
answered.

Under the “truth in at least one possible world” semantics, the play Othello would be an answer (since both
Othello and Macbeth could have been composed in 1605, for example), as would the play Henry VIII (since both
could have been composed in 1608, for example). These answers can be obtained by checking for satisfiability of
the conjunction of object constraints with the query constraints. Meghdoot would not be an answer, however,
since the conjunction of constraints in this case is unsatisfiable.

Note, however, that each answer to the query under the “truth in at least one possible world” semantics may
hold in a separate possible world. While Othello and Henry VIII are both answers to the query ? q2 (Name),
there is no possible world in which both of them could have been composed in the same year. One possible way
of overcoming this problem is to give, along with each answer to a query, a description of the possible worlds in
which that answer would hold. We do not investigate this issue here.

Under the “truth in all possible worlds” semantics, only the play Macbeth itself would be retrieved. The
conjunction of object constraints oid11.Year_of_composition < 1608 ∧ oid11.Year_of_composition > 1604 entails the
(instantiated) query constraint oid11.Year_of_composition = oid11.Year_of_composition, where oid11 is the identifier
for Macbeth. For all other plays, there are possible worlds in which they could have been composed in years
other than Macbeth’s year of composition; the check for entailment would fail. □

Example 3.3 (Set Constraints)

Suppose we want to know the names of all the plays written by Shakespeare. The following rule expresses the
query:

q3 (P.Name) :- plays (P), playwrights (W), W.Name = "Shakespeare", P.Writers = S, W ∈ S.

Under the “truth in at least one possible world” semantics, the play Henry VIII would be an answer (since
Shakespeare could have written it together with Fletcher) as would Othello and Macbeth (since Shakespeare is
known to have written these). The first answer can be obtained by checking the satisfiability of the conjunction
of the object constraints oid2 ∈ oid12.Writers ∧ oid12.Writers ⊆ { oid1, oid2 } with the (instantiated) query
constraint oid1 ∈ oid12.Writers.

Under the “truth in all possible worlds” semantics, however, Henry VIII would not be an answer. This is
because the object constraints oid2 ∈ oid12.Writers ∧ oid12.Writers ⊆ { oid1, oid2 } do not entail the (instantiated)
query constraint oid1 ∈ oid12.Writers. Othello and Macbeth would be the only answers in this case. □
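Examples 3.1 to 3.3 evaluated under both semantics, as an added sketch that is not the paper's code: a satisfiability check gives the "at least one possible world" answers and an entailment check gives the "all possible worlds" answers. The interval and (lower, upper) encodings, the function names, and reading the year bounds as inclusive (which the 1605 and 1608 witnesses of Example 3.2 require) are assumptions.

```python
from math import inf

# Constructed from Example 2.1. An integer E-attribute is a union of closed
# intervals; bounds are read as inclusive (assumption, see lead-in).
# A Writers E-attribute is a pair (lower, upper) meaning lower ⊆ S ⊆ upper.
PLAYWRIGHTS = {
    "oid1": {"name": "Shakespeare", "born": [(1560, 1570)]},
    "oid2": {"name": "Fletcher", "born": [(-inf, inf)]},   # no information
    "oid3": {"name": "Kalidasa", "born": [(-inf, 1000)]},
}
PLAYS = {
    "oid10": {"name": "Othello", "year": [(1595, 1598), (1601, 1605)],
              "writers": ({"oid1"}, {"oid1"})},
    "oid11": {"name": "Macbeth", "year": [(1604, 1608)],
              "writers": ({"oid1"}, {"oid1"})},
    "oid12": {"name": "Henry VIII", "year": [(1608, 1613)],
              "writers": ({"oid2"}, {"oid1", "oid2"})},
    "oid13": {"name": "Meghdoot", "year": [(-inf, 1050)],
              "writers": ({"oid3"}, {"oid3"})},
}
SOME, ALL = "some", "all"   # truth in at least one / in all possible worlds


def shared(dom_a, dom_b):
    """Values both attributes can take: the witness worlds for an equality."""
    return [(max(a, c), min(b, d)) for a, b in dom_a for c, d in dom_b
            if max(a, c) <= min(b, d)]


def less_than(dom, bound, semantics):
    """attribute < bound: satisfiable with, or entailed by, the object constraint."""
    if semantics == SOME:
        return any(lo < bound for lo, _ in dom)
    return all(hi < bound for _, hi in dom)


def equal(oid_a, dom_a, oid_b, dom_b, semantics):
    """attribute of a = attribute of b under the chosen semantics."""
    if semantics == SOME:
        return bool(shared(dom_a, dom_b))
    if oid_a == oid_b:                  # X = X holds in every world
        return True
    ends = {v for interval in dom_a + dom_b for v in interval}
    return len(ends) == 1 and not ends & {inf, -inf}   # both pinned to one value


def member(oid, writers, semantics):
    """oid ∈ S when lower ⊆ S ⊆ upper: possible via upper, certain via lower."""
    lower, upper = writers
    return oid in (upper if semantics == SOME else lower)


def q1(semantics, bound=1700):
    return sorted(p["name"] for p in PLAYWRIGHTS.values()
                  if less_than(p["born"], bound, semantics))


def q2(semantics, title="Macbeth"):
    ref_oid, ref = next((o, p) for o, p in PLAYS.items() if p["name"] == title)
    return sorted(p["name"] for o, p in PLAYS.items()
                  if equal(o, p["year"], ref_oid, ref["year"], semantics))


def q3(semantics, author="Shakespeare"):
    w = next(o for o, p in PLAYWRIGHTS.items() if p["name"] == author)
    return sorted(p["name"] for p in PLAYS.values()
                  if member(w, p["writers"], semantics))


if __name__ == "__main__":
    for query in (q1, q2, q3):
        print(query.__name__, "some:", query(SOME), "| all:", query(ALL))
    macbeth = PLAYS["oid11"]["year"]
    # Othello and Henry VIII match Macbeth only in disjoint sets of worlds.
    print(shared(PLAYS["oid10"]["year"], macbeth),
          shared(PLAYS["oid12"]["year"], macbeth))
```

The two `shared` results have no year in common, which is the point made after Example 3.2: each "at least one possible world" answer may hold in a different world.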

3.2  COQL:  Monotonically  Refining  Objects 

COQL programs can be used also to monotonically refine objects, in response to additional information available
about knowledge that we are trying to represent in the database. For example, suppose research determined that
Shakespeare could have been born no later than 1565, then the object Shakespeare can be refined by conjoining
the constraint Shakespeare.Year_of_birth < 1565.

The notion of declarative monotonic refinement of partially specified objects is one of the novel contributions
of this paper. Object refinement can be formalized in terms of a lattice structure describing the possible states
of an object, with a given information theoretic ordering. The value ⊥ corresponds to having no information
about the attribute values of the object, and ⊤ corresponds to having inconsistent information about the object.
Object refinement now can be thought of as moving up this information lattice.

Object refinement can be specified declaratively (under the “truth in all possible worlds” semantics, as
discussed below), since the final state of the object does not depend on the specific order in which the various
refinements are performed. For example, suppose the “value” of the attribute Year_of_birth of Shakespeare is
Shakespeare.Year_of_birth < 1570 ∧ Shakespeare.Year_of_birth > 1560. Then, the final “value” of the attribute
Year_of_birth of Shakespeare is independent of the order in which the refinements Shakespeare.Year_of_birth < 1565
and Shakespeare.Year_of_birth > 1562 are conjoined.

Refining  partially  specified  facts  in  this  fashion  poses  problems  because  facts  do  not  have  a  notion  of  an 
identity,  independent  of  the  attribute  values. 

We give an example of declarative, rule-based, object attribute refinement next. The body of a refinement
rule is similar to the body of a rule used to infer a new relationship, as described previously. The head of a
refinement rule, on the other hand, is a constraint (not necessarily a conjunction of primitive constraints).

Example  3.4  (Refining  Attributes  of  Objects) 

The  following  refinement  rule  seems  to  express  the  intuition  that  a  playwright  could  not  write  a  play  before 
birth: 

W.Year_of_birth < P.Year_of_composition :- playwrights (W), plays (P), W ∈ P.Writers.

The right hand side (body) of the rule is the condition, and the left hand side (head) is the action of the rule.
If the body is satisfied, then the instantiated head constraint is conjoined to the global constraints. (This is an
example where the instantiated head constraint is an inter-object constraint, and hence cannot be associated
solely with a single object.)

If the year of composition of Henry VIII were known to be 1612, then we could conjoin the constraint
Fletcher.Year_of_birth < 1612 to the global collection of constraints on E-attributes.

In the presence of partial information, we give a meaning to refinement rules based on the “truth in
all possible worlds” semantics. In this case, we would conjoin the constraint Fletcher.Year_of_birth < Henry
VIII.Year_of_composition to the global collection of constraints. Conflicting refinements could, of course, result
in an inconsistent constraint set. □

Rules  that  refine  objects  can  be  combined  cleanly  with  rules  that  infer  relationships  between  existing  objects 
in  COQL  programs.  For  example,  the  rule  in  Example  3.4  can  be  combined  with  the  rule  in  Example  3.1.  In 
the  resulting  program,  Fletcher  also  would  be  an  answer  to  the  query  9I  under  the  “truth  in  all  possible  worlds” 
semantics. 

Rules that refine objects can be used to create new objects as well, using any of the object-creating proposals.
The advantage of our approach is that an object can be created multiple times, possibly with different values
of the E-attributes; the result is to conjoin each of the constraints on the E-attributes. (If an object is created
multiple times, with different values for a fully-specified attribute, the resultant set of constraints is inconsistent,
as is natural.) This technique avoids the problem faced by many object-creating proposals (e.g., [KKS92]), of
ensuring that the “same” object is not created multiple times.

If  we  adopted  the  “truth  in  at  least  one  possible  world”  semantics  for  object  refinement,  object  refinement 
becomes  order  dependent,  and  the  program  cannot  be  assigned  a  unique  meaning.  The  following  example 
illustrates this problem:

Example 3.5 (Order Dependence)

Consider a program with the following two refinement rules:*

W.Year_of_birth = 1560 :- playwrights(W), W.Year_of_birth < 1565.

W.Year_of_birth = 1570 :- playwrights(W), W.Year_of_birth > 1566.

In Example 2.1, Shakespeare’s year of birth is known to be between 1560 and 1570. Under the “truth in at
least one possible world” semantics, the order in which these two rules are applied could result in Shakespeare’s
year of birth being refined to either 1560 or 1570. (Once one of the rules is applied, the other rule becomes
inapplicable.) Under the truth in all possible worlds semantics, the object Shakespeare would not be refined.

*Although the rules do not make intuitive sense, this example is purely for illustrating a point.

Note  that  if  Shakespeare’s  year  of  birth  were  initially  specified  as  1564,  then  the  result  of  applying  these 
refinement  rules  would  make  the  object  have  inconsistent  constraints,  under  the  truth  in  all  possible  worlds 
semantics.  This,  however,  would  not  be  order  dependent.  □ 

4  Set-Order  Constraints 

In the examples discussed in the paper, we used order constraints (i.e., arithmetic constraints involving <, ≤, =, ≥
and >, but no arithmetic functions such as +, − or *) and set constraints of a restricted form (i.e., those involving
∈, ⊆ and ⊇, but not involving functions such as ∪ and ∩). Techniques for quantifier elimination, checking
satisfaction and entailment for order constraints over various domains are known in the literature (see [Ull89],
for instance).

We now briefly describe a polynomial-time quantifier elimination algorithm for a conjunction of a restricted
form of set constraints, that we call set-order constraints. Satisfaction and entailment of conjunctions of set-order
constraints can be solved (in polynomial time) using the quantifier elimination algorithm.

4.1  Quantifier  Elimination  for  Set-Order  Constraints 

We  will  use  the  symbols  X,Y,Z  to  denote  set  variables  that  range  over  finite  sets  of  elements  of  type  D.  A 
set-order constraint is of one of the following types:

c ∈ X, X ⊆ s, s ⊆ X, X ⊆ Y

where  c  is  a  constant  of  type  D,  and  s  is  a  set  of  constants  of  type  D. 

Quantifier  Elimination 

Input:  A  conjunction  Q  of  set-order  constraints  and  a  set  variable  Y  to  be  eliminated. 

Output: A conjunction Q′ of set-order constraints, such that ∃Y Q and Q′ are equivalent.

Algorithm: Do the following steps in order:

1. First rewrite every constraint of the form c ∈ X into {c} ⊆ X.

2. For each set variable X, take the union of all sets s, such that s ⊆ X is in the conjunction. Let the union be
the set L_X. Delete all constraints of the form s ⊆ X from the conjunction, and add the constraint L_X ⊆ X to
the conjunction.

3. For each set variable X take the intersection of all sets s, such that X ⊆ s is in the conjunction. Let the
intersection be the set U_X. Delete all constraints of the form X ⊆ s from the conjunction and add the
constraint X ⊆ U_X.

4. For each pair of constraints of the form N ⊆ Y and Y ⊆ M, where Y is the set variable to be eliminated, and
N and M are either set variables or sets of constants, add the constraint N ⊆ M. After this is done for each
such pair, delete all constraints in which Y occurs. Repeat steps 2 and 3.

5. Check each constraint of the form s1 ⊆ s2 where s1 and s2 are sets of constants from domain D. If they
are all satisfied, delete all such constraints from the conjunction and return the conjunction of the remaining
constraints. If any one of these constraints is not satisfied, then return FALSE.

Example 4.1 (Quantifier elimination)

Let Q be the following conjunction of set-order constraints:

3 ∈ Z, Z ⊆ X, X ⊆ {3, 4, 8, 9}, X ⊆ Y, Y ⊆ {2, 3, 5, 7, 8}

From constraint Q we can eliminate set variable Y as follows:

Step 1 : Replace 3 ∈ Z by {3} ⊆ Z.

Step 2 : No change.

Step 3 : No change.

Step 4 : We get {3} ⊆ Z, Z ⊆ X, X ⊆ {3, 4, 8, 9}, X ⊆ {2, 3, 5, 7, 8}.

Step 2 : No change.

Step 3 : We get {3} ⊆ Z, Z ⊆ X, X ⊆ {3, 8}.

Step 5 : No change.

Hence, we return

{3} ⊆ Z, Z ⊆ X, X ⊆ {3, 8}.

Suppose now, that we also want to eliminate set variable Z. This will be done by the quantifier elimination
algorithm as follows:

Steps 1-3 : No change.

Step 4 : We get {3} ⊆ X, X ⊆ {3, 8}.

Step 5 : No change. Hence, we return {3} ⊆ X, X ⊆ {3, 8}.

□ 

Theorem 4.1 Let Q be a conjunction of set-order constraints and Y be a set variable. The quantifier elimination
algorithm on input Q and Y will yield in PTIME, in the size of Q, a conjunction of set-order constraints Q′
such that ∃Y Q and Q′ are equivalent.

Further, if Q′ has n set variables, then the number of conjuncts in Q′ is at most  +  2*n. □

The  quantifier  elimination  algorithm  can  be  used  also  to  check  for  satisfiability  of  a  conjunction  of  set-order 
constraints,  by  successively  eliminating  set  variables  until  either  there  are  no  more  set  variables  remaining  (in 
which  case  the  original  conjunction  is  satisfiable)  or  the  quantifier  elimination  algorithm  returns  FALSE  (in 
which  case  the  original  conjunction  is  unsatisfiable).  The  bound  on  the  maximum  number  of  conjuncts  after 
eliminating  a  set  variable  guarantees  a  polynomial-time  algorithm  for  checking  satisfiability. 

Theorem 4.2 Let Q be a conjunction of set-order constraints. Checking whether Q is satisfiable is in PTIME,
in the size of Q. □
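
The quantifier elimination algorithm of Section 4.1 and the satisfiability check by successive elimination, as an added Python example (not code from the paper), run on Q from Example 4.1. The encoding is an assumption of this example: constraints are tuples ("in", c, X) or ("sub", lhs, rhs), set variables are strings, and sets of constants are frozensets.

```python
def is_var(t):
    return isinstance(t, str)          # variables are strings, constant sets are frozensets

def normalize(cs):
    """Steps 1-3: rewrite c in X as {c} <= X, then keep one lower and one upper bound per variable."""
    lower, upper, rest = {}, {}, set()
    for kind, a, b in cs:
        if kind == "in":                           # step 1
            a = frozenset([a])
        if not is_var(a) and is_var(b):            # step 2: union of lower bounds (L_X)
            lower[b] = lower.get(b, frozenset()) | a
        elif is_var(a) and not is_var(b):          # step 3: intersection of upper bounds (U_X)
            upper[a] = upper[a] & b if a in upper else b
        else:                                      # X <= Y, or constants-only s1 <= s2
            rest.add(("sub", a, b))
    rest |= {("sub", s, x) for x, s in lower.items()}
    rest |= {("sub", x, s) for x, s in upper.items()}
    return rest

def eliminate(cs, y):
    """Return Q' equivalent to (exists y) Q, or False. y=None only normalizes and checks."""
    cs = normalize(cs)
    below = [a for _, a, b in cs if b == y and a != y]     # every N with N <= y
    above = [b for _, a, b in cs if a == y and b != y]     # every M with y <= M
    cs = {c for c in cs if y not in (c[1], c[2])}          # step 4: delete y ...
    cs |= {("sub", n, m) for n in below for m in above}    # ... keeping each N <= M
    out = set()
    for _, a, b in normalize(cs):                          # repeat steps 2-3, then step 5
        if is_var(a) or is_var(b):
            if a != b:                                     # X <= X is trivially true
                out.add(("sub", a, b))
        elif not a <= b:
            return False                                   # a constant check s1 <= s2 failed
    return out

def satisfiable(cs):
    """Eliminate set variables one at a time until none remain or a step returns False."""
    cs = eliminate(cs, None)
    while cs:
        y = next(t for _, a, b in cs for t in (a, b) if is_var(t))
        cs = eliminate(cs, y)
    return cs is not False

# Q from Example 4.1
Q = [("in", 3, "Z"), ("sub", "Z", "X"), ("sub", "X", frozenset({3, 4, 8, 9})),
     ("sub", "X", "Y"), ("sub", "Y", frozenset({2, 3, 5, 7, 8}))]
Q1 = eliminate(Q, "Y")      # {3} <= Z, Z <= X, X <= {3, 8}
Q2 = eliminate(Q1, "Z")     # {3} <= X, X <= {3, 8}
```

Adding the constraint 4 ∈ Z to Q makes `satisfiable` return False, because eliminating the variables eventually leaves a constants-only check that fails.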

The algorithm for checking satisfiability cannot be used for checking for entailment of conjunctions of set-order
constraints (using the reduction from a check for entailment to a polynomial number of checks for satisfaction),
since set-order constraints are not closed under negation. (For example, X ⊈ Y is not a set-order constraint.)

However, the quantifier elimination algorithm can be used directly as a basis for checking entailment of
conjunctions of set-order constraints in PTIME, as follows.

Checking the entailment of a conjunction of set-order constraints Q2 by a conjunction of set-order constraints
Q1 can be done by reduction to a number of entailment checks of each set-order constraint in Q2 by the
conjunction Q1.

The following result shows how the quantifier elimination algorithm can be used to simplify checking the
entailment of a set-order constraint by an arbitrarily large conjunction of set-order constraints.

Theorem 4.3 Let Q be a conjunction of set-order constraints over the set variables X1, ..., Xm. Let Q1 be the
result of elimination of variables X3, ..., Xm from Q. Let Q2 be the result of elimination of variable X2 from
Q1. Then, (1) Q entails X1 ⊆ X2 if and only if Q1 entails X1 ⊆ X2, (2) Q entails X1 ⊆ s if and only if Q2
entails X1 ⊆ s, and (3) Q entails s ⊆ X1 if and only if Q2 entails s ⊆ X1. □

The following two results show how to check whether a set-order constraint is entailed by a simple form of a
conjunction of set-order constraints.

Theorem 4.4 Let Q be a conjunction of set-order constraints over X. Let U_X be the upper bound (possibly the
set of all elements in domain D) on X and L_X be the lower bound (possibly the empty set) on X.

Then Q entails X ⊆ s if and only if U_X ⊆ s. Also, Q entails s ⊆ X if and only if s ⊆ L_X. □

Theorem 4.5 Let Q be a conjunction of set-order constraints over X1, X2. Let U_X1 be the upper bound (if any)
on X1 and L_X2 be the lower bound (if any) on X2. Then Q entails X1 ⊆ X2 if and only if (1) Q is unsatisfiable,
or (2) X1 ⊆ X2 is in Q, or (3) U_X1 ⊆ L_X2. □

5  COQL:  Model  Theory  and  Fixpoint  Semantics 

COQL has a model-theoretic and an equivalent fixpoint semantics, based on the notions of constraint entailment
and “truth in all possible worlds”. The semantics of COQL is based on the notion of “truth in all possible worlds”
for several reasons:

•  Object  refinement  is  order  independent;  this  is  a  very  desirable  property. 

•  An  answer  to  a  query  is  unconditionally  true. 

•  An  answer  to  a  query  continues  to  be  true,  even  after  the  database  objects  are  monotonically  refined. 

We  briefly  describe  the  model-theoretic  and  fixpoint  semantics  here;  details  and  the  equivalence  proof  are 
omitted for reasons of space. Consider a COQL program P, and a collection of facts and objects I. We assume
that  all  the  variables  in  each  rule  body  of  P  have  been  standardized  apart,  possibly  by  introducing  equality 
constraints  between  some  of  the  variables;  this  is  important  in  checking  for  entailment. 

5.1  Model-theoretic  Semantics 

An  assignment  of  facts  and  objects  to  the  body  literals  of  a  rule  r  of  program  P  makes  the  body  of  r  true  if  the 
constraints  associated  with  the  facts  and  the  objects  entail  the  (instantiated)  constraints  between  the  variables 
present in the body of rule r. A relationship inferring rule r is true in I if, for every assignment of facts and
objects to the body literals of r that makes the body true, the instantiated head fact of rule r is entailed by (the
constraints associated with) some fact f in I. An object refinement rule r is true in I if, for every assignment of
facts and objects to the body literals of r that makes the body true, the instantiated head object o_r occurs in
I, and the instantiated head constraint of the rule is entailed by the object constraints associated with o_r. The
collection I of facts and objects is said to be a model of a COQL program if each program rule is true in I.

The model-theoretic semantics of COQL is a least model semantics, where model M1 < model M2, if for
each fact (or object) f1 in M1, there is a fact (or object) f2 in M2, such that f1 entails f2. The existence of a
least model is guaranteed since we can show that the “intersection” of COQL program models is also a COQL
program model.

5.2 Fixpoint semantics

The fixpoint semantics is defined in terms of an immediate consequence operator, T_P. Given the collection I of
facts and objects, we define T_P(I) as follows. Let r be a rule. If there is an assignment of facts and objects from
I to literals in the body of r such that the body is true, then the instantiated head fact (or head object) is in
T_P(I).

The fixpoint semantics of COQL is based on the least fixpoint of the T_P operator, which can be computed
starting from the empty collection of facts and objects, as T_P(∅) ∪ T_P(T_P(∅)) ∪ ⋯. In computing the unions, all
the constraints associated with an object o have to be conjoined together. The existence of the least fixpoint is
guaranteed by the monotonicity of the T_P operator.

Theorem  5.1  Consider  a  COQL  program  P.  It  has  a  least  model  semantics  and  a  least  fixpoint  semantics, 
which  coincide.  □ 

Note that in the absence of objects with object identifiers, the semantics of COQL is very similar to the
standard semantics [vEK76], except that constraint entailment is used instead of constraint satisfaction; this is
required by the notion of “truth in all possible worlds”.

The  techniques  of  [KKR90]  can  be  used  to  show  that  if  a  COQL  program  and  facts/objects  use  only  arithmetic 
order  constraints,  the  answer  to  a  query  can  be  computed  in  PTIME  data  complexity.  The  following  result  shows 
that  a  similar  complexity  is  achieved  for  a  restricted  case  of  COQL  programs  with  set-order  constraints. 

Theorem 5.2 Consider a COQL program P with only refinement rules using set-order constraints, and a
collection of objects I. Let the E-attributes of the objects in I be constrained using only set-order constraints.
Computing the answer to a query can be done in PTIME in the size of I. □

Our notion of partially specified objects is related to Saraswat’s notion of store-as-constraint. The store can
be viewed as a single object with a given collection of E-attributes. Consider this case: programs written in COQL
and Saraswat’s cc(↓, →) refine the object/store, based on constraint entailment. However, the resulting semantics
are quite different. Saraswat’s semantics is an operational, indeterministic semantics, based on satisfying each
goal in at most one possible way, whereas our semantics is a fixpoint semantics. We conjecture that a suitable
combination of Magic Templates rewriting [Ram91] (which rewrites a program such that both goals and answers
are computed in the fixpoint evaluation) and indeterminacy can be used to simulate the semantics of cc(↓, →)
using the semantics of COQL.

6  Conclusions  and  Future  Work 

We presented the Constraint Object Data Model, and the Constraint Object Query Language, which we believe
go a long way in incorporating the ability to represent and manipulate partially specified information in
object-based database systems.

There are many interesting directions to pursue. Determining classes of programs with tractable data
complexity is extremely important. Optimizing COQL queries is another important direction of research. Stuckey
and Sudarshan [SS94] present compilation techniques for query constraints in logic programs, essentially
extending Magic sets to handle general query constraints, not just equality constraints on queries. It would be
interesting to see how these techniques apply to COQL programs. Finally, many of our ideas and techniques
seem applicable to temporal database languages. Exploring the interconnections is likely to be an interesting
direction of research.